feat(tools): add s3c supply-chain presence checker#791
Merged
Conversation
Adds tools/s3c, an on-demand cosign wrapper that probes every container image of a given component for cosign signatures, SBOMs, and SLSA-style build provenance. The script reads the per-component image list from docs/user/container-images.md (the existing BOM inventory) so the source of truth stays unchanged. Documents the three underlying cosign commands in a new "Verifying supply-chain provenance" section of the inventory page so users can run the same checks by hand. Scope is presence, not trust: verifying *who* signed an image requires per-publisher trust roots (keys or OIDC identities) which differ per upstream and would need hand-curation. Called out explicitly in the doc and the script's report header. Unreachable registries (regional ECR, private mirrors) are reported with `?` plus a reason in the Notes column rather than conflated with `-` (absent). Closes: #745
Member
Author
|
Example: |
Contributor
This comment was marked as resolved.
This comment was marked as resolved.
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/user/container-images.md`:
- Around line 278-279: The markdown link target "../../tools/s3c" is a dead link
causing the VitePress build to fail; update the two occurrences (the link around
`tools/s3c` at the snippet and the occurrence around line 360) to a docs-valid
target by either replacing the relative link with a stable GitHub blob URL
pointing to the tools/s3c path in the repo or convert the anchor to plain inline
code formatting (`tools/s3c`) so it is not a navigable link; ensure both
occurrences are changed consistently.
- Line 287: Change the fenced code block that begins with "Component:
nvidia-dra-driver-gpu (1 images)" to include a language tag by replacing the
opening ``` with ```text (or ```console) so the example output satisfies
markdownlint MD040; ensure only the opening fence is modified and the closing
``` remains unchanged.
In `@tools/s3c`:
- Around line 163-175: The attestation probe currently treats any non-OK result
from `cosign download attestation` as absent; update the logic around
`att=$(cosign download attestation "$image" 2>/dev/null) || att_rc=$?` to mirror
the `cosign tree` handling: if `att_rc` is non-zero (probe failure), set
`prov="?"` (unreachable) and add the same descriptive note used for tree probes
rather than leaving `prov` as "-" (absent); keep the existing path that inspects
`$att` and sets `prov="Y"` only when the attestation is fetched and contains
slsa/provenance. Ensure you reference and update the `att`, `att_rc`, and `prov`
variables and the `cosign download attestation` probe branch.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: 178dab88-14e1-49bc-9e22-fc7b7c680377
📒 Files selected for processing (2)
docs/user/container-images.mdtools/s3c
Relative links like ../../tools/s3c resolve outside the VitePress site tree and fail the dead-link check during the Fern docs build. The existing convention in docs/README.md (links to CONTRIBUTING.md, SECURITY.md) uses absolute github.com/NVIDIA/aicr/blob/main/... URLs; match it.
Contributor
Coverage Report ✅
Coverage BadgeNo Go source files changed in this PR. |
Address review feedback on #791: - docs/user/container-images.md: add `text` language tag to the example output fenced block so markdownlint MD040 passes. - tools/s3c: capture cosign download attestation stderr separately and classify its non-zero exit. Network/auth errors flip prov to "?" with a "prov probe unreachable" note; unrecognized stderr (typically "no attestations" — the common case for unsigned-but-reachable images) stays "-" so we don't mis-mark every unattested image as unreachable.
lockwobr
approved these changes
May 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
tools/s3c, a presence-only cosign wrapper that probes a component's container images for signatures, SBOMs, and SLSA-style build provenance, and documents the underlying cosign commands indocs/user/container-images.md.Motivation / Context
Customers performing security review need to know which AICR-deployed images carry cosign signatures, SBOMs, and build provenance. Rather than maintain a static matrix that drifts (or wire flaky CI probes that conflate transient registry errors with absence), this gives users a one-shot check they can run themselves on demand.
Fixes: #745
Related: #739
Type of Change
Component(s) Affected
docs/,examples/)tools/s3cImplementation Notes
--help, and the doc.docs/user/container-images.md, so weeklybom-refreshkeeps it current. No new data file.cosign treereturns sig + SBOM presence in one round-trip;cosign download attestation | jqis needed to filter the predicateType for SLSA-style provenance specifically (attestation presence alone is broader).?with a reason in the Notes column rather than conflated with-.Testing
Smoke runs:
aws-efa(regional ECR)? ? ?auth requiredkueue(registry.k8s.io)Y - -kgateway-crds(no images)bogus-componentRisk Assessment
Rollout notes: N/A — no migration; users opt in by running
tools/s3c <component>.Checklist
make testwith-race)make lint)tools/check-tools/tools/describe; sourcestools/common)git commit -S)