Container Signing and Verification
Jackson container images are signed and can be verified using cosign.
Fetching our public key
oras pull ghcr.io/boxyhq/cosign.pub:latest
Note: This is supported for all versions >=0.3.8
Our container images are hosted on Docker Hub. You can verify it by using the following command.
cosign verify --key cosign.pub boxyhq/jackson:<version>