
Container signature verification

Posted: 2023-07-14 17:25:38

If the container build process is compromised, users can easily end up running a malicious image instead of the intended one without noticing. Signing containers and verifying the signature before use ensures that what we run is always the image that was actually built.
https://github.com/sigstore/cosign

Install the binary

git clone https://github.com/sigstore/cosign
cd cosign
go mod tidy
# build the binary as ./cosign (building main.go on its own would produce a binary named "main")
go build -o cosign ./cmd/cosign

Take two images from the target repository for a signing test: sign tag 170 and leave tag 171 as it is.

[root@jenkins-bj-ali-ql1 ssl]# cosign generate-key-pair
Enter password for private key: 
Enter password for private key again: 
Private key written to cosign.key
Public key written to cosign.pub
[root@jenkins-bj-ali-ql1 ssl]# ls
cosign.key  cosign.pub
# The target image must already exist in the registry before signing! Note that the -y flag matters here
[root@jenkins-bj-ali-ql1 ssl]# cosign sign -y --key cosign.key registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:170
Enter password for private key: 
WARNING: Image reference registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:170 uses a tag, not a digest, to identify the image to sign.
    This can lead you to sign a different image than the intended one. Please use a
    digest (example.com/ubuntu@sha256:abc123...) rather than tag
    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
    images by tag will be removed in a future release.


	The sigstore service, hosted by sigstore a Series of LF Projects, LLC, is provided pursuant to the Hosted Project Tools Terms of Use, available at https://lfprojects.org/policies/hosted-project-tools-terms-of-use/.
	Note that if your submission includes personal data associated with this signed artifact, it will be part of an immutable record.
	This may include the email address associated with the account with which you authenticate your contractual Agreement.
	This information will be used for signing this artifact and will be stored in public transparency logs and cannot be removed later, and is subject to the Immutable Record notice at https://lfprojects.org/policies/hosted-project-tools-immutable-records/.

By typing 'y', you attest that (1) you are not submitting the personal data of any other person; and (2) you understand and agree to the statement and the Agreement terms at the URLs listed above.
tlog entry created with index: 27465650
Pushing signature to: registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud

# Signing an image that does not exist in the registry returns an error
[root@jenkins-bj-ali-ql1 ssl]# cosign sign --key cosign.key registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:999
Enter password for private key: 
WARNING: Image reference registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:999 uses a tag, not a digest, to identify the image to sign.
    This can lead you to sign a different image than the intended one. Please use a
    digest (example.com/ubuntu@sha256:abc123...) rather than tag
    (example.com/ubuntu:latest) for the input to cosign. The ability to refer to
    images by tag will be removed in a future release.


Error: signing [registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:999]: accessing entity: entity not found in registry
main.go:74: error during command execution: signing [registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:999]: accessing entity: entity not found in registry


Verify both images

[root@jenkins-bj-ali-ql1 ssl]# cosign verify --key cosign.pub registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:170
WARNING: Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.

Verification for registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:170 --
The following checks were performed on each of these signatures:
  - The cosign claims were validated
  - The signatures were verified against the specified public key

[{"critical":{"identity":{"docker-reference":"registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud"},"image":{"docker-manifest-digest":"sha256:111b8d2395971a50057519c19d23e521d03d436769e14da990dfa4dce32ff17d"},"type":"cosign container image signature"},"optional":null}]
[root@jenkins-bj-ali-ql1 ssl]# cosign verify --insecure-ignore-tlog=true --key cosign.pub registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud:171
WARNING: Skipping tlog verification is an insecure practice that lacks of transparency and auditability verification for the signature.
Error: no matching signatures
main.go:69: error during command execution: no matching signatures

Writing the Jenkins pipeline

Signing targets the image that is already in the registry, so the Sign stage has to run after the push completes.

        stage('Push') {
            steps {
                script {
                    // --exit-code 1 makes trivy return non-zero when findings at the listed
                    // severities exist; with --exit-code 0 the check below could never fail.
                    def exitValue = sh(script: "trivy image ${JOB_NAME}:${BUILD_NUMBER} -o layer.table --exit-code 1 -s MEDIUM,HIGH,CRITICAL --skip-db-update=true -q", returnStatus: true)
                    if (exitValue != 0) {
                        sh "cat layer.table"
                        error "Docker layer security scan failed"
                    }
                    sh "docker push ${env.registry_url}/${JOB_NAME}:${BUILD_NUMBER}"
                }
            }
        }
        stage('Sign') {
            steps {
                // An `export COSIGN_PASSWORD=...` in its own sh step does not survive into the
                // next sh step, so cosign would prompt for the password and hang. Pass the
                // key password through the environment of the step that runs cosign, read
                // from a Jenkins secret-text credential instead of a hard-coded value.
                // 'cosign-key-password' is a placeholder credential id.
                withCredentials([string(credentialsId: 'cosign-key-password', variable: 'COSIGN_PASSWORD')]) {
                    sh "cosign sign -y --key ${JENKINS_HOME}/conf.d/ssl/cosign.key ${env.registry_url}/${JOB_NAME}:${BUILD_NUMBER}"
                }
            }
        }
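The following script is an added example, not part of the original post or the cosign project. It is a helper the Sign stage above could call: it takes the digest of the pushed image and signs by digest instead of by tag (the cosign warning in the signing session explains why), then runs the verification step from the previous section as a deployment gate that also checks the signed repository and manifest digest against the reference about to be deployed. It assumes docker and cosign are on PATH and that the cosign.key / cosign.pub pair generated above exists; the image reference, key paths and the source of COSIGN_PASSWORD are placeholders to adapt. The sample claim line is copied from the post's own verification output.

```shell
#!/bin/sh
# Added example (not from the original post): sign a pushed image by digest and
# gate deployment on a verified signature whose claims match the pinned reference.
set -eu

# Turn "registry/repo:tag" plus a digest into the immutable "registry/repo@sha256:..."
# form. A ':' belonging to a registry port (localhost:5000/app) is not a tag, and a
# reference that already carries a digest is returned unchanged.
digest_ref() {
    ref=$1
    digest=$2
    case $ref in
        *@*) printf '%s\n' "$ref"; return 0 ;;
    esac
    last=${ref##*:}
    case $last in
        */*) repo=$ref ;;          # last ':' is a port separator, no tag present
        *)   repo=${ref%:*} ;;     # strip ":tag"
    esac
    printf '%s@%s\n' "$repo" "$digest"
}

# Extract the manifest digest from the JSON claims that `cosign verify` prints on
# stdout (same shape as the output in the verification session above).
claim_digest() {
    printf '%s\n' "$1" | sed -n 's/.*"docker-manifest-digest":"\(sha256:[0-9a-f]*\)".*/\1/p'
}

# Likewise for the repository the signature was bound to.
claim_reference() {
    printf '%s\n' "$1" | sed -n 's/.*"docker-reference":"\([^"]*\)".*/\1/p'
}

# Constructed sample of cosign's claim output, copied from the post's verify run
# of tag 170; used to exercise the two extractors.
SAMPLE_CLAIMS='[{"critical":{"identity":{"docker-reference":"registry.cn-beijing.aliyuncs.com/bfmq/devops-cicd-dev-bfmq-cloud"},"image":{"docker-manifest-digest":"sha256:111b8d2395971a50057519c19d23e521d03d436769e14da990dfa4dce32ff17d"},"type":"cosign container image signature"},"optional":null}]'

# Deployment gate: the signature must verify against our public key, the claims
# must name the repository we expect, and the signed digest must be the one we
# intend to run. An unsigned tag (cosign exits non-zero with "no matching
# signatures", as for tag 171 above) or any mismatch fails the gate.
verify_gate() {
    pubkey=$1
    ref=$2                         # registry/repo@sha256:...
    expected=${ref#*@}
    claims=$(cosign verify --key "$pubkey" "$ref") || return 1
    [ "$(claim_reference "$claims")" = "${ref%@*}" ] || return 1
    [ "$(claim_digest "$claims")" = "$expected" ]
}

# Sign by digest, then run the gate. docker inspect's RepoDigests is populated
# once the image has been pushed, which matches the stage order in the pipeline.
sign_and_verify() {
    image=$1                       # e.g. "${registry_url}/${JOB_NAME}:${BUILD_NUMBER}" (placeholder)
    key=${2:-cosign.key}
    pubkey=${3:-cosign.pub}
    pushed=$(docker inspect --format '{{index .RepoDigests 0}}' "$image")
    ref=$(digest_ref "$image" "${pushed#*@}")
    cosign sign -y --key "$key" "$ref"    # key password is read from COSIGN_PASSWORD
    verify_gate "$pubkey" "$ref"
    printf '%s\n' "$ref"                  # hand the pinned reference to the deploy step
}

if [ $# -gt 0 ]; then
    sign_and_verify "$@"
fi
```

Run it as `./sign_and_verify.sh registry.example/ns/app:170` from the Sign stage with COSIGN_PASSWORD set; the printed `repo@sha256:...` reference is what the deploy step should use, so that the image pulled at runtime is exactly the manifest that was signed and verified, not whatever the mutable tag happens to point to later.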

Other container signing and verification tools
Cosign
Skopeo
goss
kgoss

References
https://github.com/sigstore/cosign
https://github.com/sigstore/cosign/issues/2736
https://kyverno.io/docs/writing-policies/verify-images/sigstore/

From: https://www.cnblogs.com/bfmq/p/17554522.html

     前端在做登陆的时候经常会遇见输入验证码登陆的问题,一般情况下,后端返回的类似一个流图片,在页面中给图片赋值是不能显示的,想下面这种形式 这样的形式通常需要前端处理一下这个流,转成base64的形式,进行显示,代码如下:asyncgetInterfaceCode(){letres=awaitg......