Deploy Voucher Server and Voucher Client components. After a container image has passed the regression tests, run Voucher Client as a step in the Cloud Build pipeline.

Create an attestor and a policy. Run a vulnerability scan to create an attestation for the container image as a step in the Cloud Build pipeline.

Create an attestor and a policy. Create an attestation for the container images that have passed the regression tests as a step in the Cloud Build pipeline.

Set the Pod Security Standard level to Restricted for the relevant namespaces. Digitally sign the container images that have passed the regression tests as a step in the Cloud Build pipeline.