Tooling

Image Supply Chain Security

Signing, attestation, SBOM, vulnerability scanning, provenance.

By 2026 SLSA and Sigstore are mainstream — many enterprise customers and government contracts require signed images, SBOMs, and provenance attestation.

Signing

  • Cosign (Sigstore) — sign / verify OCI artifacts; keyless (OIDC-based) or with keys. The default.
  • Sigstore — the umbrella: Cosign + Rekor (transparency log) + Fulcio (cert authority).
  • Notary v2 (CNCF) — competing OCI signature standard; less momentum than Cosign.
  • GPG-signed images — old approach; mostly retired.

SBOM (Software Bill of Materials)

  • Syft (Anchore) — generate SBOMs from images / filesystems / packages. The default tool.
  • CycloneDX — SBOM format; widely supported.
  • SPDX — alternative SBOM format; common in big enterprise.
  • docker sbom — Docker's bundled wrapper around Syft.
  • Trivy — also generates SBOMs.

Vulnerability scanning

  • Trivy (Aqua) — fast, broad; covers OS packages, language deps, IaC, k8s manifests. The default.
  • Grype (Anchore) — pairs with Syft.
  • Clair — older, used inside Quay.
  • Snyk Container — paid; broader DB, fancier UI.
  • Docker Scout — built into Docker Desktop / Hub.

Provenance / attestation

  • SLSA (Supply-chain Levels for Software Artifacts) — Google-led framework; ambient build attestation.
  • in-toto — software supply-chain framework that powers SLSA.
  • GitHub Artifact Attestations — first-class SLSA-style provenance from GitHub Actions.
  • Buildx provenance — Docker BuildKit emits SLSA attestations.

Admission control / verification

  • Kyverno — k8s policy engine; verify Cosign signatures on every image pull.
  • OPA Gatekeeper — alternative.
  • Connaisseur (Sumo Logic) — k8s admission controller for image signature verification.
  • Cosign policy controller — Sigstore's Kubernetes admission controller.

Pipelines that put it together

A typical "secure build" pipeline in 2026:

  1. CI (GitHub Actions / Buildkite / Dagger) builds image with Buildx.
  2. Buildx emits SLSA provenance + SBOM as image attestations.
  3. Syft generates a CycloneDX SBOM.
  4. Trivy / Grype scans for CVEs; pipeline fails on high severity.
  5. Cosign signs image (keyless OIDC against Fulcio / Rekor).
  6. Image pushed to registry with attached attestations.
  7. ArgoCD pulls image; Kyverno verifies signature + scans before admission.

Image hardening

  • chainguard images — distroless, signed, vuln-scanned base images. Commercial; very common in 2026 supply-chain-conscious shops.
  • distroless (Google) — minimal base images; OSS.
  • wolfi-os — chainguard's OSS base distro.

Patterns to adopt

  • Sign every image you push. Verification can be added later; signatures can't.
  • Pin base image digests in Dockerfiles.
  • Run scans pre-merge so devs see vulnerabilities, not the deploy pipeline at 3 AM.
  • Generate + store SBOMs alongside images (as OCI attestations).
  • Track CISA KEV (Known Exploited Vulnerabilities) catalog; prioritize those CVEs.

Pick this if…

  • Default new project: Cosign + Trivy + Syft + Buildx provenance + chainguard or distroless base.
  • k8s admission verification: Kyverno + Cosign policy.
  • Enterprise customer requires SBOMs: Syft → CycloneDX, attached to every image.
  • Need formal SLSA attestation: GitHub Artifact Attestations or slsa-github-generator.

On this page