Skip to content

Supply-chain provenance audit per component #745

Description

@mchmarny

Parent: #739

Summary

Audit each component's container images for supply-chain provenance: cosign signatures, SBOMs, and SLSA provenance attestations. Produce a matrix that informs verification policy and customer security review.

Motivation

AICR pulls images from many public registries with varying provenance maturity. Some publish signed images with SBOMs (e.g., NVIDIA, Kubernetes SIG); others may not. Customers performing security review need to know which can be cryptographically verified and which cannot.

Proposed approach

For each component (and each image it deploys, per BOM output), check:

Attribute How to check
Cosign signature cosign verify <image> against publisher's pubkey
SBOM availability cosign download sbom <image> or registry attachment
SLSA provenance cosign verify-attestation --type slsaprovenance
Vulnerability scan results grype/trivy reference

Output: a matrix in docs/security/provenance-matrix.md showing per-component status, with links to verification commands.

Success criteria

  • Every component has documented provenance status.
  • Verification commands are reproducible.
  • Gaps (unsigned images, missing SBOMs) are flagged for follow-up with upstream maintainers.
  • Optionally: a cosign verify step in our deployment validation for components where signatures are available.

Notes

  • Depends on BOM tooling (separate issue) for the canonical image list.
  • AICR's own validator/runtime images are out of scope (covered by goreleaser/SLSA already).
  • This is an audit/documentation issue first; enforcement (e.g., admission policy) is a follow-up if warranted.

Metadata

Metadata

Assignees

Fields

No fields configured for Enhancement.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions