Skip to main content

SLSA and Artifact Signing with Sigstore

Implementing build provenance and cosign signatures for container images and release binaries.


SLSA and Artifact Signing with Sigstore

SLSA levels (simplified)

LevelRequirement
L1Build scripted / automated
L2Signed provenance, hosted build
L3Hardened build platform, non-falsifiable provenance

Cosign signing flow

# Sign image after build cosign sign --key awskms://alias/cosign myregistry/app:v1.2.3 # Verify at deploy time (admission webhook or deploy script) cosign verify --key awskms://alias/cosign myregistry/app:v1.2.3

Provenance attestation

GitHub Actions can emit SLSA provenance linking:

  • Git commit SHA
  • Workflow file
  • Builder identity
  • Artifact digest

Store attestations alongside image in OCI registry.

Policy

Production deploy pipeline rejects images without:

  1. Valid cosign signature from trusted key
  2. Provenance matching allowed repository and branch
  3. Passing vulnerability scan on same digest