Modifying the Immutable: Attaching Artifacts to OCI Images

Presenters: Brandon Mitchell (BoxBoat, an IBM Company)

Session Type: Presentation (25min)

Topics: Container/Image Security/SBOM, Image formats & standards, Image transports, OCI

Session Details:

Images are now being pushed to OCI registries with more and more metadata, including attestations, signatures, and SBOMs. What is involved with adding your own artifacts? This talk walks through how OCI recently standardized the process, and describes how additional data can be added to an image with an immutable digest. You’ll learn how tooling can ship SBOMs along side images, both for the vendor generating the SBOM and the user searching for it. And this talk will cover many of the gotchas you may encounter when implementing this yourself.