Configure OCI artifact push and pull for a non-container artifact (SBOM, attestation bundle, or Helm values file) using ORAS CLI and verify artifact integrity with cosign
Use the ORAS CLI to push an arbitrary file as an OCI artifact: oras push registry/repo:tag --artifact-type application/vnd.custom.sbom+json sbom.json. The --artifact-type flag specifies a custom media type so the registry stores the file alongside container images
Attach the SBOM artifact to an existing container image digest using oras attach, passing the image digest reference (registry/repo@sha256:digest) as the subject, creating a referrer relationship stored in the registry's referrers API
Sign the SBOM artifact's digest with cosign using keyless signing via OIDC: cosign sign --yes registry/repo@sha256:digest, producing a Sigstore-rooted signature stored as a referrer to the SBOM artifact
Verify the artifact's signature chain: use oras discover to list referrers of the container image, then cosign verify with --certificate-oidc-issuer and --certificate-identity-regexp to confirm the signer identity
Pull the verified artifact in a downstream pipeline using oras pull registry/repo:tag --output ./artifacts and verify the file hash against a known-good value before using the SBOM in a vulnerability scan
Automate the full push-attach-sign workflow in a GitHub Actions job and use the OCI referrers API endpoint to query which SBOMs are attached to a given image before a production deploy gate
Known gotchas
Not all registries implement the OCI referrers API (distribution-spec 1.1); some registries such as older ECR versions return 404 on the referrers endpoint, and ORAS falls back to a referrers tag scheme that may not be supported by cosign's verify flow
OCI artifact media types are not validated by most registries; pushing with an incorrect or missing artifact-type means downstream tools cannot distinguish an SBOM from a Helm chart stored in the same repository, so a registry-level content-addressable naming scheme is essential
cosign keyless signatures include an OIDC identity claim that expires; a signature generated in a GitHub Actions OIDC context includes the workflow and repository claims, and changing the workflow file path or repository name will cause cosign verify to reject previously valid signatures
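The deploy-gate query from the last workflow step, with the 404 case from the first gotcha handled by failing closed, as an added example (not part of the original page, ORAS or cosign). The function names, digests and sample response are constructed; the gate checks attachment only and does not replace the cosign verify step.

```python
import json
from urllib.parse import quote

INDEX_MT = "application/vnd.oci.image.index.v1+json"
SBOM_TYPE = "application/vnd.custom.sbom+json"  # artifact type used in the push step
IMAGE = "sha256:" + "a" * 64  # constructed image digest
# Constructed referrers response (not from a real registry): one SBOM, one unrelated artifact.
SAMPLE = json.dumps({"schemaVersion": 2, "mediaType": INDEX_MT, "manifests": [
    {"digest": "sha256:" + "b" * 64, "size": 512, "artifactType": SBOM_TYPE,
     "mediaType": "application/vnd.oci.image.manifest.v1+json"},
    {"digest": "sha256:" + "c" * 64, "size": 498, "artifactType": "application/vnd.example.other+json",
     "mediaType": "application/vnd.oci.image.manifest.v1+json"}]})


def referrers_path(repo, subject_digest, artifact_type=None):
    """Path of the distribution-spec 1.1 referrers endpoint for an image digest."""
    path = f"/v2/{repo}/referrers/{subject_digest}"
    if artifact_type:
        path += "?artifactType=" + quote(artifact_type, safe="")
    return path


def fallback_tag(subject_digest):
    """Referrers tag schema used when the endpoint is missing: sha256:<hex> -> sha256-<hex>."""
    return subject_digest.replace(":", "-", 1)[:128]


def attached_sboms(status, body, subject_digest, artifact_type=SBOM_TYPE):
    """Return digests of referrers with the SBOM artifact type; raise on anything unexpected."""
    if status == 404:
        raise LookupError("no referrers API; index may live at tag " + fallback_tag(subject_digest))
    if status != 200:
        raise RuntimeError(f"unexpected status {status}")
    index = json.loads(body)
    if index.get("mediaType") != INDEX_MT:
        raise ValueError("referrers response is not an OCI image index")
    # Filter client-side as well: a registry may ignore the artifactType query parameter.
    return [m["digest"] for m in index.get("manifests", [])
            if m.get("artifactType") == artifact_type]


def deploy_allowed(status, body, subject_digest):
    """Gate: allow only when at least one SBOM is attached; any error fails closed."""
    try:
        return len(attached_sboms(status, body, subject_digest)) > 0
    except (LookupError, RuntimeError, ValueError):
        return False
```

Each digest returned by attached_sboms is what the pipeline would then hand to cosign verify before trusting the SBOM.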