Container Signing and Verification
Jackson container images are signed and can be verified using cosign.
Fetching our public key
You can use oras (or a similar OCI artifacts tool) to fetch our public key or download it from our website here.
oras pull ghcr.io/boxyhq/cosign.pub:latest
Note: This is supported for all versions >=1.6.0
Our container images are hosted on Docker Hub. You can verify it by using the following command.
cosign verify --key cosign.pub boxyhq/jackson:<version>