Why use Docker images?

Using Docker images from the Thought Machine Docker registry gives your deployment team:

Greater autonomy in release processes

The ability to apply supply chain security on artifacts received from Thought Machine via Binary Authorisation.

Benefits of signing our Docker images

Docker images released from Thought Machine are signed using the tm-release-attestor. This provides assurance in the supply chain that the images were built and verified by Thought Machine.

The tm-release-attestor is used to sign images which have been built, tested, security-verified and quality assured.

Process for providing Thought Machine Docker images

You need:

A Docker registry set up for Vault images. See the Vault Cloud Infrastructure guide for information about setting this up

Credentials to authenticate to the Thought Machine Docker registry and client attestations store

If you have not been provided with authentication credentials, email your Thought Machine Client Delivery Manager or representative to request access to our Docker registry and client attestations. Your request will be forwarded to the Thought Machine security team.

Process overview for providing Thought Machine Docker images