Supply chain attacks modify artefacts after build, before install. Signing and provenance prove that an artefact is authentic, unmodified and traceable.
Sigstore
Keyless signing. No long-lived keys.
```bash
# Sign
cosign sign ghcr.io/myorg/myapp@sha256:abc123...
# Verify
cosign verify ghcr.io/myorg/myapp@sha256:abc123... \
  --certificate-identity=.../workflows/build.yml@refs/heads/main \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com
```
Fulcio: Issues short-lived certs binding key to OIDC identity.
Rekor: Append-only transparency log.
CI signing
```yaml
permissions:
  id-token: write # Required for keyless
steps:
  - uses: sigstore/cosign-installer@v3
  - run: cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}
```
npm provenance:
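```bash
# Publish with a provenance attestation
npm publish --provenance
# Verify registry signatures and attestations of installed dependencies
npm audit signatures
```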
SLSA
Supply-chain Levels for Software Artefacts.
| Level | Requirement |
|---|---|
| SLSA 1 | Provenance documented |
| SLSA 2 | Hosted build service |
| SLSA 3 | Hardened platform, non-falsifiable provenance |
Verification
Signing is useless without enforcement.
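```yaml
# Kyverno - reject unsigned images
verifyImages:
  - imageReferences: ["ghcr.io/myorg/*"]
    attestors:
      - entries:
          - keyless:
              issuer: "https://token.actions.githubusercontent.com"
              # Also set `subject` to the signing workflow's identity;
              # issuer alone accepts any workflow from that issuer.
```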
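
For deploy paths that do not go through an admission controller, the same enforcement can sit in the pipeline. This is an added example, not code from the original page: a shell gate that refuses tag references and out-of-scope registries before running `cosign verify` with the identity and issuer pinned. The function names and the `ALLOWED_PREFIX`, `EXPECTED_IDENTITY` and `EXPECTED_ISSUER` variables are assumptions; `SAMPLE_REF` is a constructed reference.

```sh
#!/bin/sh
# Added example: pre-deploy gate around `cosign verify`.
# ALLOWED_PREFIX, EXPECTED_IDENTITY, EXPECTED_ISSUER and the function names
# are assumptions for illustration; SAMPLE_REF is a constructed reference.
ALLOWED_PREFIX="${ALLOWED_PREFIX:-ghcr.io/myorg/}"
EXPECTED_ISSUER="${EXPECTED_ISSUER:-https://token.actions.githubusercontent.com}"
SAMPLE_REF="ghcr.io/myorg/myapp@sha256:$(printf '%064d' 0)"

# True only for refs ending in @sha256:<64 lowercase hex>. Tags are mutable,
# so a signature check on a tag says nothing about what is pulled later.
digest_pinned() {
  case "$1" in
    *@sha256:*) ;;
    *) return 1 ;;
  esac
  gate_hex=${1##*@sha256:}
  [ "${#gate_hex}" -eq 64 ] || return 1
  case "$gate_hex" in
    *[!0-9a-f]*) return 1 ;;
  esac
  return 0
}

# True when the ref lives under the registry namespace we expect to deploy from.
in_scope() {
  case "$1" in
    "$ALLOWED_PREFIX"*) return 0 ;;
  esac
  return 1
}

# Returns 0 only if every check passes; distinct codes identify the failing check.
verify_image() {
  digest_pinned "$1" || { echo "reject: not digest-pinned: $1" >&2; return 2; }
  in_scope "$1" || { echo "reject: outside $ALLOWED_PREFIX: $1" >&2; return 3; }
  [ -n "${EXPECTED_IDENTITY:-}" ] || { echo "reject: EXPECTED_IDENTITY unset" >&2; return 4; }
  # Pin both signer identity and issuer; issuer alone matches any workflow
  # that can obtain a token from that issuer.
  cosign verify \
    --certificate-identity="$EXPECTED_IDENTITY" \
    --certificate-oidc-issuer="$EXPECTED_ISSUER" \
    "$1" >/dev/null || { echo "reject: signature check failed: $1" >&2; return 5; }
}
```

Call `verify_image <ref>` before the deploy step and stop the pipeline on any non-zero return.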
What to sign
Container images, npm packages, Go binaries, Helm charts, SBOMs. Everything crossing a trust boundary.
The takeaway
Sigstore keyless. SLSA provenance. Enforce verification at deployment.
