Download SLSA Attestation
Supply chain security attestation for your image
Download the SLSA (Supply chain Levels for Software Artifacts) attestation to verify the build provenance of your container image.
cosign download attestation --predicate-type=https://slsa.dev/provenance/v0.2 --platform=linux/arm64 <IMAGE_URI> | jq -r .payload | base64 -d | jq .predicate
Replace <IMAGE_URI> with your actual image URI.
Download SBOM
Software Bill of Materials for vulnerability scanning
Download the SBOM (Software Bill of Materials) to get a complete inventory of all components in your container image.
cosign download attestation --predicate-type=https://spdx.dev/Document --platform=linux/amd64 <IMAGE_URI> | jq -r .payload | base64 -d | jq .predicate
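
An added Python example (not from the original page) that performs the same decode as the two pipelines above and also checks that each attestation names the expected image digest before returning its predicate. It only parses; signatures are not checked here (cosign verify-attestation does that), and the function names, sample envelopes, digests and builder URLs are constructed for illustration.

```python
import base64
import json

INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"
SLSA_V02 = "https://slsa.dev/provenance/v0.2"
SPDX = "https://spdx.dev/Document"


def extract_predicates(cosign_output, predicate_type, image_sha256):
    """Return predicates of predicate_type whose subject is image_sha256.

    cosign_output holds one DSSE envelope (a JSON object) per line.
    """
    matches = []
    for line in cosign_output.splitlines():
        if not line.strip():
            continue
        envelope = json.loads(line)
        if envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
            continue  # payload is not an in-toto statement
        # Same step as `jq -r .payload | base64 -d` in the commands above.
        statement = json.loads(base64.b64decode(envelope["payload"]))
        if statement.get("predicateType") != predicate_type:
            continue
        digests = {s.get("digest", {}).get("sha256")
                   for s in statement.get("subject", [])}
        if image_sha256 in digests:  # skip attestations for other artifacts
            matches.append(statement["predicate"])
    return matches


def _sample_envelope(predicate_type, sha256, predicate):
    """Build a constructed, unsigned envelope for the demo input."""
    statement = {"_type": "https://in-toto.io/Statement/v0.1",
                 "predicateType": predicate_type,
                 "subject": [{"name": "registry.example/app",
                              "digest": {"sha256": sha256}}],
                 "predicate": predicate}
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": INTOTO_PAYLOAD_TYPE,
                       "payload": payload, "signatures": []})


IMAGE_DIGEST = "a" * 64  # constructed placeholder digest
SAMPLE_OUTPUT = "\n".join([
    _sample_envelope(SLSA_V02, IMAGE_DIGEST, {"builder": {"id": "https://builder.example"}}),
    _sample_envelope(SPDX, IMAGE_DIGEST, {"spdxVersion": "SPDX-2.3"}),
    _sample_envelope(SLSA_V02, "b" * 64, {"builder": {"id": "https://other.example"}}),
])

if __name__ == "__main__":
    print(json.dumps(extract_predicates(SAMPLE_OUTPUT, SLSA_V02, IMAGE_DIGEST), indent=2))
```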