Apps on Azure Blog

Simplify Image Signing and Verification with Notary Project and Trusted Signing (Public Preview)

YiZha
Sep 25, 2025

Supply chain security has become one of the most pressing challenges for modern cloud-native applications. Every container image, Helm chart, SBOM, or AI model that flows through your CI/CD pipeline carries risk if its integrity or authenticity cannot be guaranteed. Attackers may attempt to tamper with artifacts, replace trusted images with malicious ones, or inject unverified base images into builds.  

Today, we’re excited to highlight how Notary Project and Trusted Signing (Public Preview) make it easier than ever to secure your container image supply chain with strong, standards-based signing and verification.  

Why image signing matters

Image signing addresses two fundamental questions in the software supply chain:  

  • Integrity: Is this artifact exactly the same one that was originally published?  
  • Authenticity: Did this artifact really come from the expected publisher?  

Without clear answers, organizations risk deploying compromised images into production environments. With signing and verification in place, you can block untrusted artifacts at build time or deployment, ensuring only approved content runs in your clusters.  

Notary Project: A standards-based solution

Notary Project is a CNCF open-source initiative that defines standards for signing and verifying OCI artifacts—including container images, SBOMs, Helm charts, and AI models. It provides a consistent, interoperable framework for ensuring artifact integrity and authenticity across different registries, platforms, and tools.  

Notary Project includes two key sub-projects that address different stages of the supply chain:  

  • Notation – a CLI tool designed for developers and CI/CD pipelines. It enables publishers to sign artifacts after they are built and consumers to verify signatures before artifacts are used in builds.  
  • Ratify – a verification engine that integrates with Azure Policy and Azure Kubernetes Service (AKS). It enforces signature verification at deployment time, ensuring only trusted artifacts are admitted to run in the cluster.  

Together, Notation and Ratify extend supply chain security from the build pipeline all the way to runtime, closing critical gaps and reducing the risk of running unverified content.  

Trusted Signing: Simplifying certificate management

Traditionally, signing workflows required managing certificates: issuing, rotating, and renewing them through services like Azure Key Vault. While this provides control, it also adds operational overhead.  

Trusted Signing changes the game. It offers:  

  • Zero-touch certificate lifecycle management: no manual issuance or rotation.  
  • Short-lived certificates: reducing the attack surface.  
  • Built-in timestamping support: ensuring signatures remain valid even after certificates expire.  

With Trusted Signing, developers focus on delivering software, not managing certificates.  
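To make the timestamping point concrete, here is an added Go example (not code from this post, from Notation, or from Trusted Signing) that models a verifier handling a signature made with a short-lived certificate. It assumes a self-signed ECDSA certificate constructed in the code and a SignedAt field standing in for the time asserted by a trusted timestamp authority, and it skips chain building and revocation checks; judged against the verifier's current clock the expired certificate fails, but judged at the timestamped signing time the signature still verifies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"math/big"
	"time"
)

// Signature is an illustrative model (not Notation's envelope): leaf cert, ECDSA signature, TSA time.
type Signature struct {
	Cert     *x509.Certificate
	Sig      []byte
	SignedAt time.Time
}

// NewShortLivedCert returns a constructed self-signed cert valid only for ttl.
func NewShortLivedCert(notBefore time.Time, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notBefore.Add(ttl)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Sign signs the SHA-256 digest of the artifact; signedAt stands in for the TSA-asserted time.
func Sign(artifact []byte, cert *x509.Certificate, key *ecdsa.PrivateKey, signedAt time.Time) Signature {
	d := sha256.Sum256(artifact)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, d[:])
	return Signature{Cert: cert, Sig: sig, SignedAt: signedAt}
}

// Verify checks the signature, then cert validity at the TSA time if trusted, else at the verifier's clock.
func Verify(artifact []byte, s Signature, now time.Time, trustTimestamp bool) bool {
	d := sha256.Sum256(artifact)
	if !ecdsa.VerifyASN1(s.Cert.PublicKey.(*ecdsa.PublicKey), d[:], s.Sig) {
		return false // tampered artifact or wrong key
	}
	ref := now
	if trustTimestamp {
		ref = s.SignedAt
	}
	return !ref.Before(s.Cert.NotBefore) && !ref.After(s.Cert.NotAfter)
}
```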

End-to-end scenarios

Here’s how organizations can use Notary Project and Trusted Signing together:  

  • Sign in CI/CD: An image publisher signs images as part of a GitHub Actions or Azure DevOps pipeline, ensuring every artifact carries a verifiable signature.  
  • Verify in AKS: An image consumer configures Ratify and Azure Policy on an AKS cluster to enforce that only signed images can be deployed.  
  • Verify in build pipelines: Developers ensure base images and dependencies are verified before they’re used in application builds, blocking untrusted upstream components.  
  • Extend to all OCI artifacts: Beyond container images, SBOMs, Helm charts, and even AI models can be signed and verified with the same workflow.  

Get started

To help you get started, we’ve published new documentation and step-by-step tutorials:  

Try it now

Supply chain security is no longer optional. By combining Notary Project with the streamlined certificate management experience of Trusted Signing, you can strengthen the integrity and authenticity of every artifact in your pipeline without slowing down your teams.  

Start signing today and take the next step toward a trusted software supply chain.  

Updated Sep 24, 2025
Version 1.0