Provenance Registry Artifact Attestation
ARTIFACT

aureliasrs/api:3.1.0

container-images / v3.1.0 / aureliasrs/api:3.1.0
Published:

OCI Image Details

OCI Image
multi-arch
2048 bytes
SLSA 3
# Pull by digest (immutable reference)
docker pull aureliasrs/api:3.1.0@sha256:img003456789012cdef3456789012cdef3456789012cdef3456789012cdef34

# Verify with cosign
cosign verify aureliasrs/api:3.1.0@sha256:img003456789012cdef3456789012cdef3456789012cdef3456789012cdef34
# Inspect manifest list
docker manifest inspect aureliasrs/api:3.1.0@sha256:img003456789012cdef3456789012cdef3456789012cdef3456789012cdef34

SLSA Provenance

SLSA 3

Builder Level: 3

Digests

Content-addressed checksums for verifying artifact integrity.

img003456789012cdef3456789012cdef3456789012cdef3456789012cdef34
img512003456789012cdef3456789012cdef3456789012cdef3456789012cdef3456789012cdef3456789012cdef3456789012cdef3456789012cdef34
imgblk003456789012cdef3456789012cdef3456789012cdef3456789012cdef
# Download artifact
curl -O https://artifacts.patterneddesigns.ca/container-images/v3.1.0/aureliasrs/api:3.1.0

# Verify SHA-256
sha256sum aureliasrs/api:3.1.0
# Expected: img003456789012cdef3456789012cdef3456789012cdef3456789012cdef34

Signatures & Trust

Cryptographic signatures binding this artifact to publisher identities.

AureliaSRS Primary Key
pgp 
4096R/ABCD1234
1234 5678 90AB CDEF 1234 5678 90AB CDEF 1234 5678
Key Locations:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEEjJJCDJNR0ZNaI5VZMTtxKrPw+MFAmW6mR0ACgkQZMTtxKrP
w+M1bI//lQP2l15BY4n4z5dZ7b6iF2ovcD37ekjhH7pjkpqeB290hihddnlGB1as5p
pcdk5q2aeblfjH7pjkpqeB290hihddnlGB1as5qqddk5q2aeblfjH7pjkpqeB290
hihddnlGB1as5qqddk5q2aeblfjH7pjkpqeB290hihddnlGB1as5qqddk5q2aebl
fjH7pjkpqeB290hihddnlGB1as5qqddk5q2aeblfjH7pjkpqeB290hihddnlG
=c86i
-----END PGP SIGNATURE-----

# Import key
gpg --keyserver keys.openpgp.org --recv-keys 4096R/ABCD1234

# Verify signature
gpg --verify signature.asc artifact.tar.gz
AureliaSRS Backup Key
pgp 
2048R/WXYZ9876
9876 5432 10FE DCBA 9876 5432 10FE DCBA 9876 5432
Key Locations:
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEMNOPQRSTUVWXYZabcMTuRSvQxPQFAmW6mR8ACgkQcMTuRSvQ
xPSHOm//mRQ3m26CZ5o5z6eaAb7jG3qwdE48fkliI8qlkrrgcC0bjijfeonHC2bt6r
reel6r3bgcmgkI8qlkrrgcC0bjijfeonHC2bt6srel6r3bgcmgkI8qlkrrgcC0bj
ijfeonHC2bt6srel6r3bgcmgkI8qlkrrgcC0bjijfeonHC2bt6srel6r3bgcmgkI
8qlkrrgcC0bjijfeonHC2bt6srel6r3bgcmgkI8qlkrrgcC0bjijfeonHC2b
=d97j
-----END PGP SIGNATURE-----

# Import key
gpg --keyserver keys.openpgp.org --recv-keys 2048R/WXYZ9876

# Verify signature
gpg --verify signature.asc artifact.tar.gz
Sigstore Rekor transparency-log

Multi-arch manifest logged in Sigstore Rekor transparency log

View Record
Docker Hub container-registry

Multi-arch manifest published to Docker Hub

View Report

Provenance

Build metadata and supply chain context for this artifact.

Docker Buildx

OS: v0.12.1

View Build

Type: github-actions

Workflow: .github/workflows/docker-build.yaml

Commit: 7c6d5e4f

Repository

Started: 2026-01-12 09:50

Completed: 2026-01-12 10:10

Format: cyclonedx

Digest: sha256:sbomimg003456...

Download SBOM

Type: gpg

Key Management: hardware-security-module

Jurisdiction: Canada

Build Location: ca-central-1 (AWS Canada)

Data Residency: Canada

Legal Entity: AureliaSRS Inc.

Verification

Verification Passed
Digest Verified:
Signature Verified:
Attestations Verified:
Last Verified:
Method: automated
View Verification Log
Verification results are derived and informational. Always perform independent verification using the signatures and digests above.
← All Releases JSON Spec