Most container images in production are still unsigned, and even when signatures exist, they often provide no clear guarantee about where the artifact came from or what threat the signature is supposed to protect against. Supply-chain attacks exploit this gap and become an increasingly important issue when publishing or importing open-source software.

This talk presents security capabilities in Docker and Moby BuildKit that address these issues. BuildKit executes all build steps in isolated, immutable sandboxes strictly defined by the build definition, and produces SLSA attestations with complete snapshots of the build’s source material.

Additionally, Docker will provide a trusted BuildKit instance running inside GitHub Actions infrastructure. Artifacts produced there include signed attestations tied to a well-defined security boundary. The talk explains what guarantees this environment provides and how this differs from traditional approaches.

The session also covers how to update container-based pipelines to always validate all BuildKit inputs (images, Git sources, HTTP sources) using Rego policies and BuildKit attestations. These checks apply both to artifacts coming from the new trusted builder instance and to any other verifiable artifacts.

These improvements are designed to strengthen container security and raise the baseline for how open-source projects should sign, attest, and verify artifacts.