Emphere Artifacts

Public artifacts for verifying Emphere container images.

Cosign Public Key

All Emphere base images are signed using Cosign. Use the public key in this repository to verify image signatures and SBOM attestations.

Verify Image Signature

cosign verify --key https://raw.githubusercontent.com/emphereio/artifacts/main/cosign.pub IMAGE

Verify SBOM Attestation

cosign verify-attestation --key https://raw.githubusercontent.com/emphereio/artifacts/main/cosign.pub --type cyclonedx IMAGE

Example

# Verify the Debian 12 base image
cosign verify \
  --key https://raw.githubusercontent.com/emphereio/artifacts/main/cosign.pub \
  us-central1-docker.pkg.dev/prj-p-eka/bases/debian-12:latest

Key Fingerprint

You can verify the key fingerprint:

curl -s https://raw.githubusercontent.com/emphereio/artifacts/main/cosign.pub | openssl ec -pubin -text -noout

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
cosign		cosign
LICENSE		LICENSE
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Emphere Artifacts

Cosign Public Key

Verify Image Signature

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

Emphere Artifacts

Cosign Public Key

Verify Image Signature

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Packages