Step What happens

A Your deployment process authenticates to the Thought Machine external Docker registry and pulls a list of Docker images from the Thought Machine external Docker registry.

B Your deployment process verifies the attestation from the Thought Machine client attestations store.

C Your deployment process retags the image with your Docker registry.

D Your deployment process pushes the image to your Docker registry, and the new digest is reserved for step H.

E Your deployment process pulls images from the external registry.

F Your deployment process retags the images with Thought Machine tags.

G Your deployment process pushes the image to your Docker registry, and a new digest is reserved for step H.

H Your deployment process attests the pushed image with your attestor.

I The attestation is pushed to your attestation project.

J Your Kubernetes cluster verifies the image by checking attestations for it from your attestation project.

K If the image clears verification, the cluster pulls the image from your registry to the start pod.