Containers Secure Supply Chain Framework documentation

Learn about the Containers Secure Supply Chain Framework (CSSC), its overview and stages, security objectives, security risks, recommended tools, and best practices at every stage of the secure supply chain of containers.

Containers Secure Supply Chain Framework

Overview

• Introduction to Containers Secure Supply Chain Framework
• Acquire Stage
• Catalog Stage
• Build Stage
• Deploy Stage
• Run Stage
• Observability

Training

• Build container images using Notation and Azure Key Vault
• Attach a signed SBOM to a container image

Quickstart

• Stay up to date with container image dependencies using Dependabot
• Sign and verify a container image with Notation in Azure Pipeline