diff --git a/attestation/layout.go b/attestation/layout.go
index c594e77..b68ffdf 100644
--- a/attestation/layout.go
+++ b/attestation/layout.go
@@ -5,9 +5,12 @@ import (
 	"encoding/json"
 	"fmt"
 
+	containerd "github.com/containerd/containerd/v2/core/images"
+	"github.com/distribution/reference"
 	"github.com/docker/attest/oci"
 	v1 "github.com/google/go-containerregistry/pkg/v1"
 	"github.com/google/go-containerregistry/pkg/v1/layout"
+	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
 // implementation of Resolver that closes over attestations from an oci layout.
@@ -95,6 +98,14 @@ func manifestFromOCILayout(path string, platform *v1.Platform) (*Manifest, error
 
 	idxDescriptor := idxm.Manifests[0]
 	idxDigest := idxDescriptor.Digest
+	subjectName := idxDescriptor.Annotations[ocispec.AnnotationRefName]
+	if _, err := reference.ParseNamed(subjectName); err != nil {
+		// try the containerd annotation if the org.opencontainers.image.ref.name is not a full name
+		subjectName = idxDescriptor.Annotations[containerd.AnnotationImageName]
+		if _, err := reference.ParseNamed(subjectName); err != nil {
+			return nil, fmt.Errorf("failed to find subject name in annotations")
+		}
+	}
 
 	mfs, err := idx.ImageIndex(idxDigest)
 	if err != nil {
@@ -138,7 +149,7 @@ func manifestFromOCILayout(path string, platform *v1.Platform) (*Manifest, error
 		attest := &Manifest{
 			OriginalLayers:     layers,
 			OriginalDescriptor: mf,
-			SubjectName:        idxDescriptor.Annotations["org.opencontainers.image.ref.name"],
+			SubjectName:        subjectName,
 			SubjectDescriptor:  subjectDescriptor,
 		}
 		return attest, nil
diff --git a/attestation/layout_test.go b/attestation/layout_test.go
index 1f7b2d8..3aaaf9f 100644
--- a/attestation/layout_test.go
+++ b/attestation/layout_test.go
@@ -1,6 +1,7 @@
 package attestation_test
 
 import (
+	"path/filepath"
 	"strings"
 	"testing"
 
@@ -33,7 +34,7 @@ func TestAttestationFromOCILayout(t *testing.T) {
 	require.NoError(t, err)
 	spec, err := oci.ParseImageSpec(oci.LocalPrefix + outputLayout)
 	require.NoError(t, err)
-	err = oci.SaveIndex(ctx, []*oci.ImageSpec{spec}, signedIndex, outputLayout)
+	err = oci.SaveIndex(ctx, []*oci.ImageSpec{spec}, signedIndex, "docker.io/library/test-image:test")
 	require.NoError(t, err)
 
 	testCases := []struct {
@@ -66,3 +67,29 @@ func TestAttestationFromOCILayout(t *testing.T) {
 		})
 	}
 }
+
+func TestSubjectNameAnnotations(t *testing.T) {
+	testCases := []struct {
+		name          string
+		ociLayoutPath string
+		errorStr      string
+	}{
+		{name: "oci annotation", ociLayoutPath: test.UnsignedTestImage("..")},
+		{name: "containerd annotation", ociLayoutPath: filepath.Join("..", "test", "testdata", "containerd-subject-layout")},
+		{name: "missing subject name", ociLayoutPath: filepath.Join("..", "test", "testdata", "missing-subject-layout"), errorStr: "failed to find subject name in annotations"},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			spec, err := oci.ParseImageSpec(oci.LocalPrefix+tc.ociLayoutPath, oci.WithPlatform("linux/arm64"))
+			require.NoError(t, err)
+			_, err = policy.CreateImageDetailsResolver(spec)
+			if tc.errorStr != "" {
+				require.Error(t, err)
+				assert.Contains(t, err.Error(), tc.errorStr)
+				return
+			}
+			require.NoError(t, err)
+		})
+	}
+}
diff --git a/go.mod b/go.mod
index 9316ed4..43b2eb0 100644
--- a/go.mod
+++ b/go.mod
@@ -6,6 +6,7 @@ require (
 	github.com/Masterminds/semver/v3 v3.3.0
 	github.com/aws/aws-sdk-go-v2/config v1.27.35
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8
+	github.com/containerd/containerd/v2 v2.0.0-rc.4
 	github.com/containerd/platforms v0.2.1
 	github.com/distribution/reference v0.6.0
 	github.com/go-openapi/runtime v0.28.0
@@ -61,6 +62,7 @@ require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.3.8 // indirect
+	github.com/containerd/errdefs v0.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
@@ -114,7 +116,7 @@ require (
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.20.2 // indirect
@@ -157,7 +159,7 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.27.0 // indirect
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
-	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/net v0.29.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
@@ -174,5 +176,5 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gotest.tools/v3 v3.5.1 // indirect
-	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 )
diff --git a/go.sum b/go.sum
index d846cd9..cb2cb62 100644
--- a/go.sum
+++ b/go.sum
@@ -172,6 +172,10 @@ github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUo
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
+github.com/containerd/containerd/v2 v2.0.0-rc.4 h1:Bvto4h5i2VZkQ+L5SrGupg5ilQ+zkVPILdjf9RWMego=
+github.com/containerd/containerd/v2 v2.0.0-rc.4/go.mod h1:p35nJi4Pl9ibzuoVOPc3MputVh6Gbp9xoDg9VHz6/YI=
+github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
+github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
@@ -237,6 +241,8 @@ github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/go-chi/chi v4.1.2+incompatible h1:fGFk2Gmi/YKXk0OmGfBh0WgmN3XB8lVnEyNz34tQRec=
 github.com/go-chi/chi v4.1.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
@@ -464,8 +470,8 @@ github.com/package-url/packageurl-go v0.1.3 h1:4juMED3hHiz0set3Vq3KeQ75KD1avthoX
 github.com/package-url/packageurl-go v0.1.3/go.mod h1:nKAWB8E6uk1MHqiS/lQb9pYBGH2+mdJ2PJc2s50dQY0=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
-github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
+github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
+github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -548,7 +554,6 @@ github.com/spiffe/go-spiffe/v2 v2.3.0/go.mod h1:Oxsaio7DBgSNqhAO9i/9tLClaVlfRok7
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@@ -556,7 +561,6 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
@@ -579,6 +583,8 @@ github.com/transparency-dev/merkle v0.0.2 h1:Q9nBoQcZcgPamMkGn7ghV8XiTZ/kRxn1yCG
 github.com/transparency-dev/merkle v0.0.2/go.mod h1:pqSy+OXefQ1EDUVmAJ8MUhHB9TXGuzVAT58PqBoHz1A=
 github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts=
 github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y=
 github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
@@ -640,8 +646,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -788,24 +794,24 @@ gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
 gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.28.3 h1:Gj1HtbSdB4P08C8rs9AR94MfSGpRhJgsS+GF9V26xMM=
-k8s.io/api v0.28.3/go.mod h1:MRCV/jr1dW87/qJnZ57U5Pak65LGmQVkKTzf3AtKFHc=
-k8s.io/apimachinery v0.28.3 h1:B1wYx8txOaCQG0HmYF6nbpU8dg6HvA06x5tEffvOe7A=
-k8s.io/apimachinery v0.28.3/go.mod h1:uQTKmIqs+rAYaq+DFaoD2X7pcjLOqbQX2AOiO0nIpb8=
-k8s.io/client-go v0.28.3 h1:2OqNb72ZuTZPKCl+4gTKvqao0AMOl9f3o2ijbAj3LI4=
-k8s.io/client-go v0.28.3/go.mod h1:LTykbBp9gsA7SwqirlCXBWtK0guzfhpoW4qSm7i9dxo=
-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo=
+k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE=
+k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc=
+k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo=
+k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8=
+k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780=
 k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA=
-k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak=
-k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
+k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
 sigs.k8s.io/release-utils v0.8.4 h1:4QVr3UgbyY/d9p74LBhg0njSVQofUsAZqYOzVZBhdBw=
 sigs.k8s.io/release-utils v0.8.4/go.mod h1:m1bHfscTemQp+z+pLCZnkXih9n0+WukIUU70n6nFnU0=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
-sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
 software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=
diff --git a/test/testdata/containerd-subject-layout/blobs/sha256/5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f b/test/testdata/containerd-subject-layout/blobs/sha256/5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f
new file mode 100644
index 0000000..47def76
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/blobs/sha256/5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f
@@ -0,0 +1 @@
+{"architecture":"unknown","os":"unknown","config":{},"rootfs":{"type":"layers","diff_ids":["sha256:e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064"]}}
\ No newline at end of file
diff --git a/test/testdata/containerd-subject-layout/blobs/sha256/a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5 b/test/testdata/containerd-subject-layout/blobs/sha256/a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5
new file mode 100644
index 0000000..781c250
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/blobs/sha256/a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5
@@ -0,0 +1,19 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "digest": "sha256:5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f",
+    "size": 167
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.in-toto+json",
+      "digest": "sha256:e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064",
+      "size": 917,
+      "annotations": {
+        "in-toto.io/predicate-type": "https://spdx.dev/Document"
+      }
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/testdata/containerd-subject-layout/blobs/sha256/bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1 b/test/testdata/containerd-subject-layout/blobs/sha256/bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1
new file mode 100644
index 0000000..721f68d
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/blobs/sha256/bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1
@@ -0,0 +1,28 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.index.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "sha256:e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec",
+      "size": 288,
+      "platform": {
+        "architecture": "arm64",
+        "os": "linux"
+      }
+    },
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "sha256:a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5",
+      "size": 558,
+      "annotations": {
+        "vnd.docker.reference.digest": "sha256:e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec",
+        "vnd.docker.reference.type": "attestation-manifest"
+      },
+      "platform": {
+        "architecture": "unknown",
+        "os": "unknown"
+      }
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/testdata/containerd-subject-layout/blobs/sha256/cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46 b/test/testdata/containerd-subject-layout/blobs/sha256/cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46
new file mode 100644
index 0000000..7024a7a
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/blobs/sha256/cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46
@@ -0,0 +1 @@
+{"architecture":"arm64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"WorkingDir":"/","ArgsEscaped":true},"created":null,"history":[{"created_by":"CMD []","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":null}}
\ No newline at end of file
diff --git a/test/testdata/containerd-subject-layout/blobs/sha256/e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064 b/test/testdata/containerd-subject-layout/blobs/sha256/e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064
new file mode 100644
index 0000000..df67bf4
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/blobs/sha256/e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064
@@ -0,0 +1 @@
+{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://spdx.dev/Document","subject":[{"name":"pkg:docker/test@latest?platform=linux%2Farm64","digest":{"sha256":"e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec"}}],"predicate":{"SPDXID":"SPDXRef-DOCUMENT","creationInfo":{"created":"2024-09-19T20:28:48Z","creators":["Organization: Anchore, Inc","Tool: syft-v0.105.0"],"licenseListVersion":"3.23"},"dataLicense":"CC0-1.0","documentNamespace":"https://anchore.com/syft/dir/sbom-4d662591-02b0-4448-8cdc-c8b539bbe1a0","name":"sbom","packages":[{"SPDXID":"SPDXRef-DocumentRoot-Directory-sbom","downloadLocation":"NOASSERTION","filesAnalyzed":false,"name":"sbom","primaryPackagePurpose":"FILE","supplier":"NOASSERTION"}],"relationships":[{"relatedSpdxElement":"SPDXRef-DocumentRoot-Directory-sbom","relationshipType":"DESCRIBES","spdxElementId":"SPDXRef-DOCUMENT"}],"spdxVersion":"SPDX-2.3"}}
\ No newline at end of file
diff --git a/test/testdata/containerd-subject-layout/blobs/sha256/e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec b/test/testdata/containerd-subject-layout/blobs/sha256/e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec
new file mode 100644
index 0000000..00ebcd6
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/blobs/sha256/e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec
@@ -0,0 +1,10 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "digest": "sha256:cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46",
+    "size": 308
+  },
+  "layers": null
+}
\ No newline at end of file
diff --git a/test/testdata/containerd-subject-layout/index.json b/test/testdata/containerd-subject-layout/index.json
new file mode 100644
index 0000000..3742c4d
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/index.json
@@ -0,0 +1,15 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.index.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.index.v1+json",
+      "digest": "sha256:bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1",
+      "size": 855,
+      "annotations": {
+        "io.containerd.image.name": "docker.io/library/test-image:test",
+        "org.opencontainers.image.ref.name": "test"
+      }
+    }
+  ]
+}
diff --git a/test/testdata/containerd-subject-layout/oci-layout b/test/testdata/containerd-subject-layout/oci-layout
new file mode 100644
index 0000000..1343d37
--- /dev/null
+++ b/test/testdata/containerd-subject-layout/oci-layout
@@ -0,0 +1 @@
+{"imageLayoutVersion":"1.0.0"}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/blobs/sha256/5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f b/test/testdata/missing-subject-layout/blobs/sha256/5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f
new file mode 100644
index 0000000..47def76
--- /dev/null
+++ b/test/testdata/missing-subject-layout/blobs/sha256/5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f
@@ -0,0 +1 @@
+{"architecture":"unknown","os":"unknown","config":{},"rootfs":{"type":"layers","diff_ids":["sha256:e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064"]}}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/blobs/sha256/a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5 b/test/testdata/missing-subject-layout/blobs/sha256/a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5
new file mode 100644
index 0000000..781c250
--- /dev/null
+++ b/test/testdata/missing-subject-layout/blobs/sha256/a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5
@@ -0,0 +1,19 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "digest": "sha256:5049b0fd8de6fc8937065a0b26214e5a1e620e98488de6bac72c0284b1a5242f",
+    "size": 167
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.in-toto+json",
+      "digest": "sha256:e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064",
+      "size": 917,
+      "annotations": {
+        "in-toto.io/predicate-type": "https://spdx.dev/Document"
+      }
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/blobs/sha256/bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1 b/test/testdata/missing-subject-layout/blobs/sha256/bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1
new file mode 100644
index 0000000..721f68d
--- /dev/null
+++ b/test/testdata/missing-subject-layout/blobs/sha256/bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1
@@ -0,0 +1,28 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.index.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "sha256:e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec",
+      "size": 288,
+      "platform": {
+        "architecture": "arm64",
+        "os": "linux"
+      }
+    },
+    {
+      "mediaType": "application/vnd.oci.image.manifest.v1+json",
+      "digest": "sha256:a051db630f91aae4fc649b455724f2c5c60ae0c508e87d88937e862524f488b5",
+      "size": 558,
+      "annotations": {
+        "vnd.docker.reference.digest": "sha256:e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec",
+        "vnd.docker.reference.type": "attestation-manifest"
+      },
+      "platform": {
+        "architecture": "unknown",
+        "os": "unknown"
+      }
+    }
+  ]
+}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/blobs/sha256/cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46 b/test/testdata/missing-subject-layout/blobs/sha256/cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46
new file mode 100644
index 0000000..7024a7a
--- /dev/null
+++ b/test/testdata/missing-subject-layout/blobs/sha256/cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46
@@ -0,0 +1 @@
+{"architecture":"arm64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"WorkingDir":"/","ArgsEscaped":true},"created":null,"history":[{"created_by":"CMD []","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":null}}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/blobs/sha256/e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064 b/test/testdata/missing-subject-layout/blobs/sha256/e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064
new file mode 100644
index 0000000..df67bf4
--- /dev/null
+++ b/test/testdata/missing-subject-layout/blobs/sha256/e2c3b7df754e062b0c6b17c5262ea237fc86d68432e86e68724c57f04be3d064
@@ -0,0 +1 @@
+{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://spdx.dev/Document","subject":[{"name":"pkg:docker/test@latest?platform=linux%2Farm64","digest":{"sha256":"e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec"}}],"predicate":{"SPDXID":"SPDXRef-DOCUMENT","creationInfo":{"created":"2024-09-19T20:28:48Z","creators":["Organization: Anchore, Inc","Tool: syft-v0.105.0"],"licenseListVersion":"3.23"},"dataLicense":"CC0-1.0","documentNamespace":"https://anchore.com/syft/dir/sbom-4d662591-02b0-4448-8cdc-c8b539bbe1a0","name":"sbom","packages":[{"SPDXID":"SPDXRef-DocumentRoot-Directory-sbom","downloadLocation":"NOASSERTION","filesAnalyzed":false,"name":"sbom","primaryPackagePurpose":"FILE","supplier":"NOASSERTION"}],"relationships":[{"relatedSpdxElement":"SPDXRef-DocumentRoot-Directory-sbom","relationshipType":"DESCRIBES","spdxElementId":"SPDXRef-DOCUMENT"}],"spdxVersion":"SPDX-2.3"}}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/blobs/sha256/e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec b/test/testdata/missing-subject-layout/blobs/sha256/e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec
new file mode 100644
index 0000000..00ebcd6
--- /dev/null
+++ b/test/testdata/missing-subject-layout/blobs/sha256/e44a73ec811b0442dfcdd13a0eb035746d0569662684dafe2f3e8abe644871ec
@@ -0,0 +1,10 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.manifest.v1+json",
+  "config": {
+    "mediaType": "application/vnd.oci.image.config.v1+json",
+    "digest": "sha256:cbeaa84fb2fdfc8fd5e437555e94a323ac8acc69e68278d127cb4adf595f9d46",
+    "size": 308
+  },
+  "layers": null
+}
\ No newline at end of file
diff --git a/test/testdata/missing-subject-layout/index.json b/test/testdata/missing-subject-layout/index.json
new file mode 100644
index 0000000..cd950bf
--- /dev/null
+++ b/test/testdata/missing-subject-layout/index.json
@@ -0,0 +1,14 @@
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.oci.image.index.v1+json",
+  "manifests": [
+    {
+      "mediaType": "application/vnd.oci.image.index.v1+json",
+      "digest": "sha256:bba371330d0124ce45f669c5d73092a3f2078ed1491e2bc52189a82e279074a1",
+      "size": 855,
+      "annotations": {
+        "org.opencontainers.image.ref.name": "test"
+      }
+    }
+  ]
+}
diff --git a/test/testdata/missing-subject-layout/oci-layout b/test/testdata/missing-subject-layout/oci-layout
new file mode 100644
index 0000000..1343d37
--- /dev/null
+++ b/test/testdata/missing-subject-layout/oci-layout
@@ -0,0 +1 @@
+{"imageLayoutVersion":"1.0.0"}
\ No newline at end of file