Provenance Registry Artifact Attestation
ARTIFACT

aureliasrs/api:3.1.0-arm64

container-images / v3.1.0 / aureliasrs/api:3.1.0-arm64
Published:

OCI Image Details

OCI Image
linux/arm64
145 MB
SLSA 3
# Pull by digest (immutable reference)
docker pull aureliasrs/api:3.1.0-arm64@sha256:img002345678901bcdef2345678901bcdef2345678901bcdef2345678901bcde

# Verify with cosign
cosign verify aureliasrs/api:3.1.0-arm64@sha256:img002345678901bcdef2345678901bcdef2345678901bcdef2345678901bcde

SLSA Provenance

SLSA 3

Builder Level: 3

Digests

Content-addressed checksums for verifying artifact integrity.

img002345678901bcdef2345678901bcdef2345678901bcdef2345678901bcde
img512002345678901bcdef2345678901bcdef2345678901bcdef2345678901bcdef2345678901bcdef2345678901bcdef2345678901bcdef2345678901bcde
imgblk002345678901bcdef2345678901bcdef2345678901bcdef2345678901bc
# Download artifact
curl -O https://artifacts.patterneddesigns.ca/container-images/v3.1.0/aureliasrs/api:3.1.0-arm64

# Verify SHA-256
sha256sum aureliasrs/api:3.1.0-arm64
# Expected: img002345678901bcdef2345678901bcdef2345678901bcdef2345678901bcde

Signatures & Trust

Cryptographic signatures binding this artifact to publisher identities.

AureliaSRS Primary Key
pgp 
4096R/ABCD1234
1234 5678 90AB CDEF 1234 5678 90AB CDEF 1234 5678
Key Locations:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEEjJJCDJNR0ZNaI5VZMTtxKrPw+MFAmW6mR0ACgkQZMTtxKrP
w+M0aH//kPN1kz37X2l2z3bX5a4gE0mubC26cihfF5nhioncZ18zgfbblkE9Yp3n
nabh3o0YczJdhF5nhioncZ18zgfbblkE9Yp3nobh3o0YczJdhF5nhioncZ18zgfb
blkE9Yp3nobh3o0YczJdhF5nhioncZ18zgfbblkE9Yp3nobh3o0YczJdhF5nhiop
cZ18zgfbblkE9Yp3nobh3o0YczJdhF5nhioncZ18zgfbblkE9Yp3nobh3o0Y
=a64g
-----END PGP SIGNATURE-----

# Import key
gpg --keyserver keys.openpgp.org --recv-keys 4096R/ABCD1234

# Verify signature
gpg --verify signature.asc artifact.tar.gz
AureliaSRS Backup Key
pgp 
2048R/WXYZ9876
9876 5432 10FE DCBA 9876 5432 10FE DCBA 9876 5432
Key Locations:
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEMNOPQRSTUVWXYZabcMTuRSvQxPQFAmW6mR8ACgkQcMTuRSvQ
xPSGNl//lQO2l04AY3m3z4cY6a5hF1nuZcB7dijgG6ohjopdaB9ahgccmkFA0Zq4o
obci4p1ZdaKeiG6ohjopdaB9ahgccmkFA0Zq4opcj4p1ZdaKeiG6ohjopdaB9ahg
ccmkFA0Zq4opcj4p1ZdaKeiG6ohjopdaB9ahgccmkFA0Zq4opcj4p1ZdaKeiG6oh
jopdaB9ahgccmkFA0Zq4opcj4p1ZdaKeiG6ohjopdaB9ahgccmkFA0Zq4o
=b75h
-----END PGP SIGNATURE-----

# Import key
gpg --keyserver keys.openpgp.org --recv-keys 2048R/WXYZ9876

# Verify signature
gpg --verify signature.asc artifact.tar.gz
Sigstore Rekor transparency-log

Container image logged in Sigstore Rekor transparency log

View Record
Trivy Security Scanner vulnerability-scan

No critical or high vulnerabilities detected

View Report
Cosign image-signature

Container signature verified via Cosign

View Record

Provenance

Build metadata and supply chain context for this artifact.

Docker Buildx

OS: v0.12.1

View Build

Type: github-actions

Workflow: .github/workflows/docker-build.yaml

Commit: 7c6d5e4f

Repository

Started: 2026-01-12 09:50

Completed: 2026-01-12 10:10

Reproducible: Yes

Format: cyclonedx

Digest: sha256:sbomimg002345...

Download SBOM

Type: gpg

Key Management: hardware-security-module

Jurisdiction: Canada

Build Location: ca-central-1 (AWS Canada)

Data Residency: Canada

Legal Entity: AureliaSRS Inc.

Verification

Verification Passed
Digest Verified:
Signature Verified:
Attestations Verified:
Last Verified:
Method: automated
View Verification Log
Verification results are derived and informational. Always perform independent verification using the signatures and digests above.
← All Releases JSON Spec