Procedural
How to Sign an SBOM with Cosign
Signing software bills of materials with Cosign
Overview of Migrating to Chainguard ImagesThis overview serves as a collection of information and resources on migrating to Chainguard Images.
How to Set Up Pull Through from Chainguard Registry to Google Artifact RegistryTutorial outlining how to set up a Google Artifact Registry repository to pull Images through from the Chainguard Registry.
Create an Assumable Identity for a GitHub Actions WorkflowProcedural tutorial outlining how to create a Chainguard Enforce identity that can be assumed by a GitHub Actions workflow.
How to Verify File Signatures with Rekor or curlUse Rekor or curl to verify non-container software artifacts
How to Set Up An Instance of Rekor Instance LocallyCreate your own instance of the Rekor transparency log
Disallowing Non-Default CapabilitiesUsing Policy Controller to prevent running pods with extra capabilities