Sovereign Platform is in pre-launch alpha.
Not yet available to purchase. Sign up for our mailing list for upcoming launch dates.
Every Sovereign container image published to ghcr.io/nemoriontechnologies/* ships with two artifacts: a keyless Sigstore signature and an SPDX SBOM attestation.
Signatures are produced via Sigstore keyless mode — Nemorion holds no long-lived signing keys. The GitHub Actions runner uses its short-lived OIDC token to obtain a one-time signing certificate from Sigstore's Fulcio CA. The signing event is recorded in the public Rekor transparency log so anyone can audit when an image was signed and by which workflow.
Both the signature and the SBOM attestation are pushed to the registry as OCI referrers attached to the image manifest, so a mirror that copies referrers (see the mirroring notes below) carries them with the image into any environment, including air-gapped ones.
The signing identity is the publish-containers.yml workflow in nemoriontechnologies/sovereign; a signature issued to any other workflow or repository fails verification, so a passing check rules out an impostor publish.

cosign is the standard tool for verifying Sigstore signatures. Install the latest stable v2.x release:

# Linux / WSL: single binary, no daemon (macOS: use cosign-darwin-arm64 or cosign-darwin-amd64)
curl -fsSLO 'https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64'
sudo install -m 0755 cosign-linux-amd64 /usr/local/bin/cosign
cosign version

Windows users: download cosign-windows-amd64.exe from the releases page and drop it on your PATH. Whichever binary you take, the same release page publishes a checksum file and signatures for the cosign binaries themselves; check your download against them before making it the tool that gates your deployments.
Verify the image signature:

cosign verify \
  --certificate-identity-regexp 'https://github.com/nemoriontechnologies/sovereign/.github/workflows/publish-containers.yml@.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  ghcr.io/nemoriontechnologies/sovereign-engine-api:latest

A successful run prints Verification for ghcr.io/... and the list of checks performed on stderr, followed on stdout by the JSON signature payload: the image digest the signature covers (critical.image.docker-manifest-digest), the workflow identity and OIDC issuer (optional.Subject and optional.Issuer), and the Rekor bundle with its log index.

A note on the identity regexp: cosign matches it unanchored, so the pattern above accepts any ref the workflow ran on (a branch as well as a release tag). If you only deploy tagged releases, end it with @refs/tags/.* instead of @.*, and compare against the Subject printed in the payload to confirm the ref format the project uses.

If verification fails (no matching signatures, certificate identity mismatch, etc.) do not deploy the image. Report the failure to security@nemorion.com with the digest and tag you were verifying.
Verify the SBOM attestation:

cosign verify-attestation \
  --type spdxjson \
  --certificate-identity-regexp 'https://github.com/nemoriontechnologies/sovereign/.github/workflows/publish-containers.yml@.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  ghcr.io/nemoriontechnologies/sovereign-engine-api:latest

A successful run prints the verified attestation on stdout as a DSSE envelope whose payload field is the base64-encoded in-toto statement; verify-attestation also checks that the statement's subject digest is the digest of the image you named. Pipe it through jq -r '.payload' | base64 -d | jq '.predicate' to inspect the SBOM components.
To extract the SBOM payload after verification succeeds:

cosign download attestation \
  --predicate-type 'https://spdx.dev/Document/v2.3' \
  ghcr.io/nemoriontechnologies/sovereign-engine-api:latest \
  | jq -r '.payload' | base64 -d | jq '.predicate' > sbom.spdx.json

Two caveats. First, download attestation performs no verification; it is only a convenience after verify-attestation has passed, and since verify-attestation already prints the verified envelope on stdout, applying the same jq pipeline to that output gives you the SBOM without a second, unverified fetch. Second, the predicate type named here must be the one the attestation actually carries: the spdxjson alias used by verify-attestation above resolves to https://spdx.dev/Document, while this command filters on the versioned URI https://spdx.dev/Document/v2.3, and only one of the two can match. Use the same value in both commands, and if a command returns nothing, drop the filter and inspect .predicateType in the decoded payload to see what was attested.

Tags are mutable. For production deployments, resolve the tag to a digest once, verify it, and pin the digest in your manifests:
# Resolve and pin (crane is from go-containerregistry; skopeo inspect or docker buildx imagetools inspect report the same digest)
DIGEST=$(crane digest ghcr.io/nemoriontechnologies/sovereign-engine-api:latest)
echo "Pinned digest: $DIGEST"

# Verify the resolved digest
cosign verify \
  --certificate-identity-regexp 'https://github.com/nemoriontechnologies/sovereign/.github/workflows/publish-containers.yml@.*' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  ghcr.io/nemoriontechnologies/sovereign-engine-api@$DIGEST

Resolving once and then verifying the digest closes the window in which the tag could be re-pointed between your verification and the cluster's pull; from here on your manifests reference ...@$DIGEST, never the tag.

The image signature and SBOM attestation are OCI referrers attached to the image manifest, and they come along when you mirror with a tool that copies referrers: cosign copy <source> <destination> copies the image together with its signatures and attestations, and oras cp --recursive does the same. crane copy and skopeo copy --all copy the image (every platform of a multi-arch manifest) but do not necessarily carry the attached signatures, so after any mirror run cosign verify against the mirror and treat "no matching signatures" there as a mirroring gap rather than a signing gap.

Replace ghcr.io/... in the commands above with <your-mirror>/... and verification works identically; cosign looks for the signature next to the image in whichever registry you point it at, and the docker-reference recorded in the payload is informational, not checked against the mirror name. What the verifying host does need is the Sigstore trust root (the Fulcio CA chain and the Rekor public key): cosign ships with an initial copy and refreshes it over TUF from tuf-repo-cdn.sigstore.dev (cosign initialize pre-populates that cache). You do not need to reach ghcr.io to verify a mirrored image.
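The pinning procedure above in script form, as an added example rather than Nemorion's own tooling. It goes one step beyond the crane-based sequence: instead of resolving the tag separately, it takes the digest from the JSON payload that cosign verify prints on stdout, so the reference you pin is the exact digest the signature was verified against, and it cross-checks the certificate Subject and Issuer in that payload against an anchored version of the page's regexp. The identity pattern is the page's, anchored and with dots escaped; accepting any ref after the @ is an assumption (tighten it to @refs/tags/.* if you only accept tagged releases); the sample payload at the end is constructed here for offline use and is not real signature data.

```shell
#!/bin/sh
# Added example, not Nemorion's code. Verify a tag, take the digest from the
# verified payload, and print a digest-pinned reference for manifests.
set -eu

REPO="${REPO:-ghcr.io/nemoriontechnologies/sovereign-engine-api}"
TAG="${TAG:-latest}"
ISSUER="https://token.actions.githubusercontent.com"
# Anchored version of the page's pattern (cosign matches it unanchored). Accepting
# any ref after the @ is an assumption; use @refs/tags/.* to accept releases only.
IDENTITY_RE='^https://github\.com/nemoriontechnologies/sovereign/\.github/workflows/publish-containers\.yml@.*$'

# payload_digest: the docker-manifest-digest claim from cosign's JSON output on stdin.
payload_digest() {
  sed -n 's|.*"docker-manifest-digest"[[:space:]]*:[[:space:]]*"\(sha256:[0-9a-f]\{64\}\)".*|\1|p' | head -n 1
}

# payload_identity: the certificate Subject (signing identity) from the same output.
payload_identity() {
  sed -n 's|.*"Subject"[[:space:]]*:[[:space:]]*"\([^"]*\)".*|\1|p' | head -n 1
}

# payload_issuer: the OIDC issuer recorded in the certificate.
payload_issuer() {
  sed -n 's|.*"Issuer"[[:space:]]*:[[:space:]]*"\([^"]*\)".*|\1|p' | head -n 1
}

# identity_allowed IDENTITY: succeed iff IDENTITY matches the anchored pattern.
identity_allowed() {
  printf '%s\n' "$1" | grep -Eq "$IDENTITY_RE"
}

# pinned_ref: read cosign's stdout on stdin, cross-check the claims, print REPO@digest.
# An empty or malformed payload (cosign failed upstream of the pipe) fails here too.
pinned_ref() {
  payload=$(cat)
  digest=$(printf '%s' "$payload" | payload_digest)
  identity=$(printf '%s' "$payload" | payload_identity)
  issuer=$(printf '%s' "$payload" | payload_issuer)
  [ -n "$digest" ] || { echo "no digest claim in payload" >&2; return 1; }
  identity_allowed "$identity" || { echo "unexpected signer: $identity" >&2; return 1; }
  [ "$issuer" = "$ISSUER" ] || { echo "unexpected issuer: $issuer" >&2; return 1; }
  printf '%s@%s\n' "$REPO" "$digest"
}

# verify_and_pin: run cosign (stdout = JSON claims, stderr = progress) and pin.
# Needs cosign plus registry and Rekor access; not run unless asked for.
verify_and_pin() {
  cosign verify \
      --certificate-identity-regexp "$IDENTITY_RE" \
      --certificate-oidc-issuer "$ISSUER" \
      "$REPO:$TAG" | pinned_ref
}

# Constructed sample of cosign's stdout (not real signature data) for offline use.
SAMPLE_DIGEST="sha256:0000000000000000000000000000000000000000000000000000000000000000"
SAMPLE_PAYLOAD='[{"critical":{"identity":{"docker-reference":"ghcr.io/nemoriontechnologies/sovereign-engine-api"},"image":{"docker-manifest-digest":"sha256:0000000000000000000000000000000000000000000000000000000000000000"},"type":"cosign container image signature"},"optional":{"Issuer":"https://token.actions.githubusercontent.com","Subject":"https://github.com/nemoriontechnologies/sovereign/.github/workflows/publish-containers.yml@refs/heads/main"}}]'

# sample_pinned_ref: what pinned_ref produces for the constructed payload.
sample_pinned_ref() {
  printf '%s' "$SAMPLE_PAYLOAD" | pinned_ref
}

case "${1:-}" in
  verify) verify_and_pin ;;
esac
```

Run it as sh pin.sh verify and feed the printed repository@sha256:... reference into your manifests. The Subject and Issuer re-check is deliberately redundant with the flags passed to cosign: it makes the policy visible in the script that gates deployment and catches a later edit that loosens the cosign flags without loosening the policy.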
Transparency log access
The strongest verification cross-references the signature's entry in Rekor at rekor.sigstore.dev, which is also how cosign establishes that the short-lived signing certificate was used inside its validity window. If your verifying host has TLS egress to that domain (and to tuf-repo-cdn.sigstore.dev for trust-root updates), you get the full Sigstore guarantee. If you have no public egress at all, contact us: providing customers an offline-verifiable signed bundle (with Rekor inclusion proofs baked in) is on our roadmap but not yet shipping.
A passing verification means that the image you hold, identified by its digest, was signed by the publish-containers.yml workflow in nemoriontechnologies/sovereign, that the signing certificate was issued to that workflow through GitHub's OIDC provider (so no impostor publish from another repository or workflow), and that the signing event is recorded in Rekor. It does not prove the image is free of vulnerabilities or that the source code is correct; that is what the SBOM is for. Run your usual SCA tooling against the extracted sbom.spdx.json to scan for CVEs in baked-in components, and rescan it on a schedule: the components in a given digest never change, but the advisories against them do.
no matching signatures — the image was published before signing was enabled, or you are verifying against a mirror whose copy tool did not carry the signature over. Pull a newer tag (latest, or any sha-* tag from after 2026-05-22), or re-verify against ghcr.io, and try again.
failed to verify certificate — your cosign install is not using the public Sigstore trust root: a custom Fulcio root or TUF mirror configured through cosign initialize --root/--mirror or the SIGSTORE_ROOT_FILE environment variable, or a stale cached root. Run cosign initialize to refresh the default root and retry. --insecure-ignore-tlog only skips the Rekor lookup and will not fix a certificate-chain failure; use it only as a diagnostic to isolate which step is failing, and do not deploy images you could not verify against Rekor in production.
error fetching from registry — cosign contacts the registry itself to fetch the manifest and the attached signature, so pulling the image with docker first does not help. Check that the verifying host can reach the registry (crane manifest or docker pull on the same host) and that proxy settings and credentials are in place; cosign reads the same ~/.docker/config.json as docker. If the verifying host cannot reach any registry, export the image with its signatures on a host that can (cosign save --dir ./image <registry>/<image>@sha256:<digest>) and verify the export with cosign verify --local-image ./image plus the identity and issuer flags above.