Procedural
Overview of Migrating to Chainguard Images
This overview serves as a collection of information and resources on migrating to Chainguard Images.
How to Sign an SBOM with Cosign
Signing software bills of materials with Cosign
How to Set Up Pull Through from Chainguard Registry to Google Artifact Registry
Tutorial outlining how to set up a Google Artifact Registry repository to pull Images through from the Chainguard Registry.
Create an Assumable Identity for a GitHub Actions Workflow
Procedural tutorial outlining how to create a Chainguard Enforce identity that can be assumed by a GitHub Actions workflow.
How to Verify File Signatures with Rekor or curl
Use Rekor or curl to verify non-container software artifacts
How to Set Up An Instance of Rekor Instance Locally
Create your own instance of the Rekor transparency log
Disallowing Non-Default Capabilities
Using Policy Controller to prevent running pods with extra capabilities