Pop_OS! User switching to UBlue - Security concerns

I can’t speak for secureblue but we sign our images with cosign so that you can verify that the image you’re using is built from the source code on GitHub (check the verification instructions here):

And we verify the signature during our build process:

Currently, however, Fedora is not signing their container images, so that part of the chain isn’t locked down, but it’s in progress. As soon as that’s available we’ll use it and post an announcement.

2 Likes
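A build-time signature check like the one the post describes can be written as a fail-closed gate. The sketch below is an added example, not part of the post and not the project's own build code. It uses the real `cosign verify --key` command; the image reference and key path passed to it are placeholders the caller supplies, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed cosign gate for a build step.
# Image reference and key path are caller-supplied placeholders.

# Accept only digest-pinned references (repo@sha256:<64 lowercase hex>), so
# the image that was verified is exactly the image that is used afterwards.
is_digest_ref() {
    case "$1" in
        *@sha256:*) ;;
        *) return 1 ;;
    esac
    gate_digest="${1##*@sha256:}"
    [ "${#gate_digest}" -eq 64 ] || return 1
    case "$gate_digest" in
        *[!0-9a-f]*) return 1 ;;
    esac
    return 0
}

# verify_image <image@sha256:...> <public-key-file>
# 0 = signature valid, 1 = verification failed,
# 2 = reference not pinned by digest, 3 = public key unreadable.
verify_image() {
    gate_image="$1"
    gate_key="$2"
    if ! is_digest_ref "$gate_image"; then
        echo "refusing: $gate_image is not pinned by digest" >&2
        return 2
    fi
    if [ ! -r "$gate_key" ]; then
        echo "refusing: public key $gate_key is not readable" >&2
        return 3
    fi
    # cosign exits non-zero when no valid signature from this key is found.
    if ! cosign verify --key "$gate_key" "$gate_image" >/dev/null; then
        echo "signature verification FAILED for $gate_image" >&2
        return 1
    fi
    echo "verified: $gate_image"
}

# Stand-alone use: ./gate.sh <image@sha256:...> <cosign.pub>
if [ "$#" -eq 2 ]; then
    verify_image "$1" "$2" || exit $?
fi
```

A tag such as `:latest` is rejected before cosign runs, because a tag can be repointed between verification and use.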