Supply Chain Security
Sigstore, Cosign, SBOMs, SLSA, in-toto - proving what's in your artifacts and that they came from where you think they did
Supply Chain Security
Supply chain security answers two questions: what is in your software and where did it come from. SolarWinds, Codecov, log4j, and a long list of npm typosquats have made these questions existential. The discipline turns "we trust our build" into "here's the cryptographic evidence."
The threat model is broader than people realize. Anything that touches your build can become an attack vector: a compromised dependency, a tampered base image, a malicious GitHub Action, a phished maintainer, a stolen signing key, a subverted artifact registry.
Why Supply Chain Security
| Without | With |
|---|---|
| You hope the image you deploy is the one CI built | Image is signed; deploy verifies signature |
| You don't know what dependencies are in your image | SBOM enumerates every component |
| log4j hits: you're scrambling to find affected services | SBOM query: "who has log4j 2.14?" instantly |
| A dep gets typosquatted, your build runs malicious code | Provenance shows unexpected source |
| A signed dep gets compromised | Public transparency log catches it |
| CI/CD compromise = arbitrary prod artifacts | SLSA build isolation prevents tampering |
| Compliance audit asks for evidence | Verifiable, dated, signed metadata |
The Players and Standards
Signing and verification
| Tool | What |
|---|---|
| Sigstore | Umbrella project: cosign, fulcio (CA), rekor (transparency log) |
| Cosign | Sign and verify container images, blobs, SBOMs, attestations |
| Notary v2 (Notation) | Alternative signing project; OCI-native |
| GPG / PGP | The classic; still used for packages (Debian, RPM) |
Cosign is the modern default for containers. Notation is gaining ground in OCI registries. Sigstore overall is now the de-facto standard for new projects.
SBOM (Software Bill of Materials)
| Tool | Format | Notes |
|---|---|---|
| Syft | SPDX, CycloneDX | Generates SBOM from container or directory |
| Grype | – | Scans an SBOM (or image) for known CVEs |
| Trivy | SPDX, CycloneDX | Scans images, IaC, secrets, generates SBOM |
| CycloneDX | – | An SBOM format (XML/JSON); broad tool support |
| SPDX | – | The other major SBOM format; ISO/IEC 5962 |
For new projects: Syft + Grype + Cosign. Trivy is a strong all-in-one alternative.
SLSA (Supply-chain Levels for Software Artifacts)
SLSA defines maturity levels for build integrity. Pronounced "salsa". From Google originally, now OpenSSF.
| Level | What it means |
|---|---|
| SLSA 1 | Build is scripted, generates provenance |
| SLSA 2 | Hosted/verifiable build service; tamper-resistant provenance |
| SLSA 3 | Build runs on a hardened, isolated platform; provenance is non-falsifiable |
| SLSA 4 | Two-party review, hermetic builds; reproducible |
Most teams aim for SLSA 2-3. GitHub Actions with the slsa-github-generator reaches SLSA 3 with little custom work.
Provenance and in-toto
in-toto is a specification for cryptographically attesting what happened during a build:
- Which source repo
- Which commit
- Which build tool, which version
- Who triggered it
- What outputs were produced
The attestation is signed, included as image metadata or stored in a transparency log. Verifiable provenance.
Dependency provenance
| Tool | What |
|---|---|
| Dependency-Track | OWASP project; SBOM management and vulnerability tracking |
| GitHub Dependabot | Update vulnerable deps |
| Renovate | Multi-platform dependency updater |
| Snyk / Mend (WhiteSource) / GitHub Advanced Security | Commercial dep scanning |
| OSV.dev | Open Source Vulnerabilities database (Google) |
| npm/pip/Maven Central package signing | Ecosystem-specific |
What "Signing an Image" Actually Means
You build a container, push it, sign it. The signature includes:
- Digest of the image (immutable hash)
- Public key (or, with keyless signing, identity that signed)
- Timestamp
- Signature itself
On deploy, the cluster (via admission policy) verifies the signature against expected keys/identities before pulling the image. An unsigned image (or signed by the wrong identity) is rejected at the gate.
With keyless signing (Cosign + Fulcio + Rekor):
- Build runs in GitHub Actions, signed by an OIDC identity
- Fulcio issues a short-lived cert tied to that identity
- Image is signed with that cert
- Signature + cert chain goes to Rekor (transparency log)
- Verifier checks: cert chain valid + identity matches expected + Rekor entry exists
No long-lived signing keys to steal. The identity (GitHub workflow path + repo) is what's trusted.
# Sign during CI
COSIGN_EXPERIMENTAL=1 cosign sign ghcr.io/my-org/checkout@sha256:abc123...
# Verify in admission controller
COSIGN_EXPERIMENTAL=1 cosign verify \
--certificate-identity-regexp 'https://github.com/my-org/checkout/.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
ghcr.io/my-org/checkout@sha256:abc123...What's in an SBOM
A Software Bill of Materials is a structured list of every component in your software:
{
"spdxVersion": "SPDX-2.3",
"name": "checkout-service",
"packages": [
{ "name": "golang", "versionInfo": "1.22.0", "downloadLocation": "https://go.dev/dl/go1.22.0.linux-amd64.tar.gz" },
{ "name": "github.com/gin-gonic/gin", "versionInfo": "v1.9.1", "license": "MIT" },
{ "name": "github.com/golang-jwt/jwt", "versionInfo": "v4.5.0" },
... 200+ more ...
]
}Generated automatically from the build artifact:
syft ghcr.io/my-org/checkout:v1.2.3 -o spdx-json > sbom.jsonStored alongside the image (as an OCI artifact) or in a central catalog:
cosign attest --predicate sbom.json --type spdx ghcr.io/my-org/checkout:v1.2.3The SBOM is now a signed attestation attached to the image. Anyone can pull it. The "log4j question" — "do any of our images use log4j 2.14.x?" — becomes a one-line query over the SBOM catalog.
Learning Path
1. Getting Started
Sign a container with Cosign; generate an SBOM with Syft; scan with Grype; verify on admission with Kyverno
2. Patterns
Keyless signing, SBOM ingestion, SLSA build provenance, dependency pinning, vulnerability triage, attestation chains
3. Best Practices
Threat modeling the pipeline, key management, false positives, compliance, common pitfalls, scaling
The Compliance Angle
Regulators are catching up. Notable mandates:
- US Executive Order 14028 (2021) — federal vendors must provide SBOMs
- EU Cyber Resilience Act (2024-25) — broader CE-mark style requirements
- NIST SP 800-218 (SSDF) — secure software development framework
- PCI DSS 4.0 — requires inventory of bespoke and custom software components
If you sell software to enterprises or governments, SBOM + provenance is rapidly becoming RFP-mandatory.
Supply chain security is most valuable when nothing has happened yet. Once a CVE drops or a maintainer goes rogue, you want to already have SBOMs, signatures, and provenance — not be scrambling to generate them. The work pays off invisibly until the bad day, when it pays off enormously.