Manual signing

Manual signing uses the Notation CLI and Amazon Signer plugin to sign images before pushing them to Amazon ECR. This method provides more control over the signing process and is useful when you need to sign images outside of the push workflow or require fine-grained control over signing operations.

For detailed instructions about signing container images using the Notation CLI and Amazon Signer, see Sign container images in Signer and the related topics in the Amazon Signer Developer Guide.

Prerequisites

Before you begin, The following prerequisites must be met.

Install and configure the latest version of the Amazon CLI. For more information, see Installing or updating the latest version of the Amazon CLI in the Amazon Command Line Interface User Guide.
Install the Notation CLI and the Amazon Signer plugin for Notation. For more information, see Prerequisites for signing container images in the Amazon Signer Developer Guide.
Have a container image stored in an Amazon ECR private repository to sign. For more information, see Pushing an image to an Amazon ECR private repository.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Signature verification

Scan images for vulnerabilities