Image Supply Chain Security
Signing, attestation, SBOM, vulnerability scanning, provenance.
By 2026 SLSA and Sigstore are mainstream — many enterprise customers and government contracts require signed images, SBOMs, and provenance attestation.
Signing
- ★ Cosign (Sigstore) — sign / verify OCI artifacts; keyless (OIDC-based) or with keys. The default.
- Sigstore — the umbrella: Cosign + Rekor (transparency log) + Fulcio (cert authority).
- Notary v2 (CNCF) — competing OCI signature standard; less momentum than Cosign.
- GPG-signed images — old approach; mostly retired.
SBOM (Software Bill of Materials)
- ★ Syft (Anchore) — generate SBOMs from images / filesystems / packages. The default tool.
- CycloneDX — SBOM format; widely supported.
- SPDX — alternative SBOM format; common in big enterprise.
docker sbom— Docker's bundled wrapper around Syft.- Trivy — also generates SBOMs.
Vulnerability scanning
- ★ Trivy (Aqua) — fast, broad; covers OS packages, language deps, IaC, k8s manifests. The default.
- Grype (Anchore) — pairs with Syft.
- Clair — older, used inside Quay.
- Snyk Container — paid; broader DB, fancier UI.
- Docker Scout — built into Docker Desktop / Hub.
Provenance / attestation
- ★ SLSA (Supply-chain Levels for Software Artifacts) — Google-led framework; ambient build attestation.
- in-toto — software supply-chain framework that powers SLSA.
- GitHub Artifact Attestations — first-class SLSA-style provenance from GitHub Actions.
- Buildx provenance — Docker BuildKit emits SLSA attestations.
Admission control / verification
- ★ Kyverno — k8s policy engine; verify Cosign signatures on every image pull.
- OPA Gatekeeper — alternative.
- Connaisseur (Sumo Logic) — k8s admission controller for image signature verification.
- Cosign policy controller — Sigstore's Kubernetes admission controller.
Pipelines that put it together
A typical "secure build" pipeline in 2026:
- CI (GitHub Actions / Buildkite / Dagger) builds image with Buildx.
- Buildx emits SLSA provenance + SBOM as image attestations.
- Syft generates a CycloneDX SBOM.
- Trivy / Grype scans for CVEs; pipeline fails on high severity.
- Cosign signs image (keyless OIDC against Fulcio / Rekor).
- Image pushed to registry with attached attestations.
- ArgoCD pulls image; Kyverno verifies signature + scans before admission.
Image hardening
- ★ chainguard images — distroless, signed, vuln-scanned base images. Commercial; very common in 2026 supply-chain-conscious shops.
- distroless (Google) — minimal base images; OSS.
- wolfi-os — chainguard's OSS base distro.
Patterns to adopt
- ★ Sign every image you push. Verification can be added later; signatures can't.
- Pin base image digests in Dockerfiles.
- Run scans pre-merge so devs see vulnerabilities, not the deploy pipeline at 3 AM.
- Generate + store SBOMs alongside images (as OCI attestations).
- Track CISA KEV (Known Exploited Vulnerabilities) catalog; prioritize those CVEs.
Pick this if…
- Default new project: Cosign + Trivy + Syft + Buildx provenance + chainguard or distroless base.
- k8s admission verification: Kyverno + Cosign policy.
- Enterprise customer requires SBOMs: Syft → CycloneDX, attached to every image.
- Need formal SLSA attestation: GitHub Artifact Attestations or
slsa-github-generator.