Generate an SBOM for your container image using Syft: syft IMAGE_REF -o spdx-json > sbom.spdx.json.
Attach the SBOM as a signed in-toto attestation with: cosign attest --predicate sbom.spdx.json --type spdxjson IMAGE_DIGEST_REF (keyless) or add --key cosign.key for key-based signing.
Verify the attestation is stored in the registry by running cosign download attestation IMAGE_DIGEST_REF to list all attached attestations.
Optionally, pipe the verified attestation payload through jq to extract package names and versions for downstream vulnerability scanning with Grype.
Enforce attestation presence at deploy time using the Sigstore Policy Controller's ClusterImagePolicy with an attestations rule requiring the spdxjson predicate type.
Known gotchas
cosign attest creates a signed attestation; cosign attach sbom only attaches without signing and provides no authenticity guarantee — prefer attest for supply-chain security.
The predicate type string must match exactly between attest and verify-attestation; a mismatch causes verification to return no results silently.
Attestations are stored as separate OCI artifacts referencing the image digest; if the image is re-tagged or moved, the attestation link is preserved but must be explicitly copied with cosign copy.
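As an added example (not code from the page or from the Sigstore project), here is a Python stand-in for the jq extraction step: it consumes the DSSE envelopes that cosign verify-attestation (or cosign download attestation) prints one per line, keeps only statements whose predicateType is the URI cosign uses for spdxjson and whose subject digest is the image being deployed, and returns package name/version pairs for a scanner such as Grype. It does not check signatures (that stays with cosign verify-attestation), and the envelope, registry name, digest and package list below are constructed sample data.

```python
import base64
import json

# Predicate-type URI cosign registers for both --type spdx and --type spdxjson;
# this is the value that lands in the in-toto statement's predicateType field.
SPDX_PREDICATE_TYPE = "https://spdx.dev/Document"
IMAGE_DIGEST = "a" * 64  # constructed stand-in for the sha256 of IMAGE_DIGEST_REF

def _envelope(subject_digest, predicate_type, predicate):
    # in-toto Statement wrapped in a DSSE envelope, as cosign prints one per output line;
    # the registry name and signature value are constructed placeholders
    statement = {"_type": "https://in-toto.io/Statement/v0.1",
                 "predicateType": predicate_type,
                 "subject": [{"name": "registry.example/app", "digest": {"sha256": subject_digest}}],
                 "predicate": predicate}
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload, "signatures": [{"keyid": "", "sig": "PLACEHOLDER"}]})

SAMPLE_SPDX = {"spdxVersion": "SPDX-2.3", "name": "registry.example/app",
               "packages": [{"name": "openssl", "versionInfo": "3.0.13-1"},
                            {"name": "zlib", "versionInfo": "1.3.1"}]}
# Constructed stand-in for the stdout of `cosign verify-attestation --type spdxjson ...`:
# the SPDX attestation plus an unrelated CycloneDX one attached to the same image.
SAMPLE_OUTPUT = "\n".join([
    _envelope(IMAGE_DIGEST, SPDX_PREDICATE_TYPE, SAMPLE_SPDX),
    _envelope(IMAGE_DIGEST, "https://cyclonedx.org/bom", {"components": []}),
])

def decode_statements(text):
    """Decode the base64 DSSE payload of every non-empty envelope line."""
    for line in text.splitlines():
        if line.strip():
            yield json.loads(base64.b64decode(json.loads(line)["payload"]))

def sbom_packages(text, expected_digest, predicate_type=SPDX_PREDICATE_TYPE):
    """(name, version) pairs from statements whose predicateType matches exactly and whose
    subject is the digest you intend to deploy; any mismatch yields [], so treat an empty
    result as a failure rather than as 'no packages'."""
    pkgs = []
    for st in decode_statements(text):
        digests = {s.get("digest", {}).get("sha256") for s in st.get("subject", [])}
        if st.get("predicateType") != predicate_type or expected_digest not in digests:
            continue
        for p in st["predicate"].get("packages", []):
            pkgs.append((p["name"], p.get("versionInfo", "")))
    return pkgs
```

Call sbom_packages(SAMPLE_OUTPUT, IMAGE_DIGEST) to get the two sample packages; passing the CycloneDX predicate type or a different digest returns an empty list, which is the predicate-type mismatch from the gotcha above showing up as silence.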