Agent Container Image Digests and Attestations

Status: public · Confidence: medium (0.865) · Basis: verified_sources

## TL;DR

Image digests and attestations let agents reason about the exact artifact that ran, who built it, and whether it matches deployment policy.

## Core Explanation

Container tags are convenient labels, but a tag can be moved to point at a different image. Agents that investigate a deployment should collect the image digest, registry, manifest metadata, signature status, provenance statement, builder identity, source repository, commit SHA, and policy decision.

Attestations do not automatically make an image safe. They provide evidence that can be checked against policy: trusted builder, expected source, build parameters, dependency metadata, and signature identity.
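The check described above, as an added example that is not part of the original page: it computes the OCI digest of a manifest, then evaluates a SLSA v1 provenance statement against a policy of trusted builder and expected source. The manifest bytes, statement, builder id, repository URL and the `externalParameters.source` layout are constructed assumptions; signature verification of the attestation envelope is assumed to have been done by an earlier step (for example with Cosign) and is passed in as a flag.

```python
import hashlib

SLSA_V1 = "https://slsa.dev/provenance/v1"

def manifest_digest(manifest_bytes: bytes) -> str:
    """OCI digest of a manifest: sha256 over the exact bytes served by the registry."""
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()

# Constructed inputs (not from any real registry or builder).
SAMPLE_MANIFEST = b'{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","layers":[]}'
DEPLOYED_DIGEST = manifest_digest(SAMPLE_MANIFEST)
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "registry.example/app",
                 "digest": {"sha256": DEPLOYED_DIGEST.split(":", 1)[1]}}],
    "predicateType": SLSA_V1,
    "predicate": {
        # externalParameters is builder-defined; this layout is an assumption.
        "buildDefinition": {"externalParameters": {
            "source": {"uri": "git+https://example.invalid/org/app",
                       "digest": {"gitCommit": "0123abcd"}}}},
        "runDetails": {"builder": {"id": "https://builder.example.invalid/ci@v1"}},
    },
}
POLICY = {"trusted_builders": {"https://builder.example.invalid/ci@v1"},
          "expected_source": "git+https://example.invalid/org/app"}

def evaluate(statement, deployed_digest, policy, signature_verified):
    """Decide allow/deny for one deployed digest and return the findings behind it.
    signature_verified is the result of an earlier check on the attestation
    envelope; an unverified statement is never trusted, whatever it claims."""
    findings = []
    if not signature_verified:
        findings.append("unverified_signature: attestation content cannot be trusted")
    hex_digest = deployed_digest.split(":", 1)[1]
    subjects = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if hex_digest not in subjects:
        findings.append("digest_mismatch: provenance subject does not cover deployed digest")
    if statement.get("predicateType") != SLSA_V1:
        findings.append(f"unexpected_predicate_type: {statement.get('predicateType')}")
    pred = statement.get("predicate", {})
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["trusted_builders"]:
        findings.append(f"untrusted_builder: {builder}")
    source = pred.get("buildDefinition", {}).get("externalParameters", {}).get("source", {})
    if source.get("uri") != policy["expected_source"]:
        findings.append(f"unexpected_source: {source.get('uri')}")
    if not source.get("digest", {}).get("gitCommit"):
        findings.append("missing_commit: source digest has no gitCommit")
    return ("allow" if not findings else "deny", findings)
```

The findings list is what an agent should record alongside the decision, so a deny is explainable rather than a bare verdict.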

## Source-Mapped Facts

- The OCI Image Specification defines descriptors that include a media type, digest, and size for referenced content. ([source](https://specs.opencontainers.org/image-spec/descriptor/))
- Sigstore Cosign documentation describes signing and verifying container images and other OCI artifacts. ([source](https://docs.sigstore.dev/cosign/signing/overview/))
- The SLSA provenance specification describes provenance as information about how an artifact was produced. ([source](https://slsa.dev/spec/v1.0/provenance))

## Further Reading

- [OCI Image Descriptor Specification](https://specs.opencontainers.org/image-spec/descriptor/)
- [Sigstore Cosign Signing Overview](https://docs.sigstore.dev/cosign/signing/overview/)
- [SLSA Provenance Specification](https://slsa.dev/spec/v1.0/provenance)