From a047bfcad8e5ba119aec7e367261792e3fee8722 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Guilherme=20Vanz?= Date: Mon, 7 Oct 2024 16:35:47 -0300 Subject: [PATCH] feat: SLSA 3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updates the CI to make policy server SLSA 3 complaint by providing the SBOM and provenance files. Signed-off-by: José Guilherme Vanz --- .github/workflows/attestation.yml | 138 ++++++++++++++++++++++++ .github/workflows/container-build.yml | 6 +- .github/workflows/container-image.yml | 63 ++--------- .github/workflows/release.yml | 18 ++-- .github/workflows/sbom.yml | 87 ---------------- .github/workflows/sign-image.yml | 7 ++ Dockerfile | 41 ++++++-- Dockerfile.github | 23 ---- Makefile | 4 +- README.md | 144 +++++++++++++++++++++++++- 10 files changed, 347 insertions(+), 184 deletions(-) create mode 100644 .github/workflows/attestation.yml delete mode 100644 .github/workflows/sbom.yml delete mode 100644 Dockerfile.github diff --git a/.github/workflows/attestation.yml b/.github/workflows/attestation.yml new file mode 100644 index 00000000..e318414c --- /dev/null +++ b/.github/workflows/attestation.yml @@ -0,0 +1,138 @@ +name: Sign attestation files + +on: + workflow_call: + inputs: + image-digest: + type: string + required: true + +jobs: + sbom: + name: Fetch, sign and verify SBOM and provenance files + strategy: + matrix: + arch: [amd64, arm64] + + permissions: + packages: write + id-token: write + + runs-on: ubuntu-latest + steps: + - name: Install cosign + uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0 + + - name: Install the crane command + uses: kubewarden/github-actions/crane-installer@d94509d260ee11a92b4f65bc0acd297feec24d7f # v3.3.5 + + - name: Login to GitHub Container Registry + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Verify container image signature + run: | + cosign verify \ + --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/policy-server/.github/workflows/sign-image.yml@${{ github.ref }}" \ + ghcr.io/${{ github.repository_owner }}/policy-server@${{ inputs.image-digest }} + + - name: Find platform digest + shell: bash + run: | + set -e + DIGEST=$(crane digest \ + --platform "linux/${{ matrix.arch }}" \ + ghcr.io/${{ github.repository_owner }}/policy-server@${{ inputs.image-digest }}) + echo "PLATFORM_DIGEST=${DIGEST}" >> "$GITHUB_ENV" + + - name: Find attestation digest + run: | + set -e + DIGEST=$(crane manifest ghcr.io/${{github.repository_owner}}/policy-server@${{ inputs.image-digest }} \ + | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest") | select(.annotations["vnd.docker.reference.digest"]=="${{ env.PLATFORM_DIGEST }}") | .digest' + ) + echo "ATTESTATION_MANIFEST_DIGEST=${DIGEST}" >> "$GITHUB_ENV" + + - name: Sign attestation manifest + run: | + cosign sign --yes \ + ghcr.io/${{github.repository_owner}}/policy-server@${{ env.ATTESTATION_MANIFEST_DIGEST}} + + cosign verify \ + --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/policy-server/.github/workflows/attestation.yml@${{ github.ref }}" \ + ghcr.io/${{github.repository_owner}}/policy-server@${{ env.ATTESTATION_MANIFEST_DIGEST}} + + - name: Find provenance manifest digest + run: | + set -e + DIGEST=$(crane manifest ghcr.io/${{github.repository_owner}}/policy-server@${{ env.ATTESTATION_MANIFEST_DIGEST}} | \ + jq '.layers[] | select(.annotations["in-toto.io/predicate-type"] == "https://slsa.dev/provenance/v0.2") | .digest') + echo "PROVENANCE_DIGEST=${DIGEST}" >> "$GITHUB_ENV" + + - name: Sign provenance manifest + run: | + cosign sign --yes \ + ghcr.io/${{github.repository_owner}}/policy-server@${{ env.PROVENANCE_DIGEST}} + + cosign verify \ + --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/policy-server/.github/workflows/attestation.yml@${{ github.ref }}" \ + ghcr.io/${{github.repository_owner}}/policy-server@${{ env.PROVENANCE_DIGEST}} + + - name: Find SBOM manifest layers digest + run: | + set -e + DIGEST=$(crane manifest ghcr.io/${{github.repository_owner}}/policy-server@${{ env.ATTESTATION_MANIFEST_DIGEST}} | \ + jq '.layers | map(select(.annotations["in-toto.io/predicate-type"] == "https://spdx.dev/Document")) | map(.digest) | join(" ")') + echo "SBOM_DIGEST=${DIGEST}" >> "$GITHUB_ENV" + + - name: Sign SBOM layers + run: | + for sbom_digest in "${{ env.SBOM_DIGEST }}"; do + cosign sign --yes \ + ghcr.io/${{github.repository_owner}}/policy-server@$sbom_digest + done + + - name: Verify SBOM layers + run: | + for sbom_digest in "${{ env.SBOM_DIGEST }}"; do + cosign verify \ + --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/policy-server/.github/workflows/attestation.yml@${{ github.ref }}" \ + ghcr.io/${{github.repository_owner}}/policy-server@$sbom_digest + done + + - name: Download provenance and SBOM files + run: | + set -e + crane blob ghcr.io/${{github.repository_owner}}/policy-server@${{ env.PROVENANCE_DIGEST}} > policy-server-attestation-${{ matrix.arch }}-provenance.json + md5sum policy-server-attestation-${{ matrix.arch }}-provenance.json >> policy-server-attestation-${{ matrix.arch }}-checksum.txt + + + for sbom_digest in "${{ env.SBOM_DIGEST }}"; do + crane blob ghcr.io/${{github.repository_owner}}/policy-server@$sbom_digest > policy-server-attestation-${{ matrix.arch }}-sbom-${sbom_digest#"sha256:"}.json + md5sum policy-server-attestation-${{ matrix.arch }}-sbom-${sbom_digest#"sha256:"}.json >> policy-server-attestation-${{ matrix.arch }}-checksum.txt + done + + - name: Sign checksum file + run: | + cosign sign-blob --yes \ + --bundle policy-server-attestation-${{ matrix.arch }}-checksum-cosign.bundle \ + policy-server-attestation-${{ matrix.arch }}-checksum.txt + + cosign verify-blob \ + --bundle policy-server-attestation-${{ matrix.arch }}-checksum-cosign.bundle \ + --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/policy-server/.github/workflows/attestation.yml@${{ github.ref }}" \ + policy-server-attestation-${{ matrix.arch }}-checksum.txt + + - name: Upload SBOMs as artifacts + uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + with: + name: attestation-${{ matrix.arch }} + path: policy-server-attestation-${{ matrix.arch }}* diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml index b9535ad5..1cff5b9b 100644 --- a/.github/workflows/container-build.yml +++ b/.github/workflows/container-build.yml @@ -31,8 +31,10 @@ jobs: image-digest: ${{ needs.build.outputs.digest }} sbom: - needs: build - uses: ./.github/workflows/sbom.yml + needs: + - build + - sign + uses: ./.github/workflows/attestation.yml permissions: packages: write id-token: write diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index 8613cd7e..5a3b9e1e 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -8,46 +8,10 @@ on: value: ${{ jobs.build.outputs.digest }} jobs: - cross-build: - name: Cross compile policy-server binary - runs-on: ubuntu-latest - - strategy: - matrix: - targetarch: - - aarch64 - - x86_64 - - steps: - - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Setup rust toolchain - uses: actions-rs/toolchain@16499b5e05bf2e26879000db0c1d13f7e13fa3af # v1.0.7 - with: - toolchain: stable - target: ${{matrix.targetarch}}-unknown-linux-musl - override: true - - - uses: actions-rs/cargo@844f36862e911db73fe0815f00a4a2602c279505 # v1.0.3 - with: - use-cross: true - command: build - args: --release --target ${{matrix.targetarch}}-unknown-linux-musl - - - name: Upload policy-server binary - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: policy-server-${{ matrix.targetarch }} - path: | - target/${{ matrix.targetarch }}-unknown-linux-musl/release/policy-server - build: name: Build container image permissions: packages: write - needs: - - cross-build runs-on: ubuntu-latest outputs: repository: ${{ steps.setoutput.outputs.repository }} @@ -57,10 +21,13 @@ jobs: steps: - name: Checkout code uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - name: Set up QEMU uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: @@ -68,44 +35,34 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - # Download the policy-server artifacts we've built inside of the previous job - - name: Download policy-server-x86_64 artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: policy-server-x86_64 - path: artifacts-x86_64 - - name: Download policy-server-aarch64 artifact - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - name: policy-server-aarch64 - path: artifacts-aarch64 - - name: Move binaries to project root - run: | - mv artifacts-x86_64/policy-server policy-server-x86_64 - mv artifacts-aarch64/policy-server policy-server-aarch64 - - name: Retrieve tag name (main branch) if: ${{ startsWith(github.ref, 'refs/heads/main') }} run: | echo TAG_NAME=latest >> $GITHUB_ENV + - name: Retrieve tag name (feat branch) if: ${{ startsWith(github.ref, 'refs/heads/feat') }} run: | echo "TAG_NAME=latest-$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV + - name: Retrieve tag name (tag) if: ${{ startsWith(github.ref, 'refs/tags/') }} run: | echo TAG_NAME=$(echo $GITHUB_REF | sed -e "s|refs/tags/||") >> $GITHUB_ENV + - name: Push and push container image id: build-image uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0 with: context: . - file: ./Dockerfile.github + file: ./Dockerfile platforms: linux/amd64, linux/arm64 push: true + sbom: true + provenance: mode=max tags: | ghcr.io/${{github.repository_owner}}/policy-server:${{ env.TAG_NAME }} + - id: setoutput name: Set output parameters run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 56439181..fa61c921 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -74,16 +74,22 @@ jobs: - name: Checkout code for kubewarden-dashboard.json uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - name: Download SBOM artifact + - name: Download attestation artifact uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: - pattern: sbom-* + pattern: attestation-* path: ./ merge-multiple: true - name: Display structure of downloaded files run: ls -R + - name: Create tarball for the attestation files + run: | + for arch in "amd64" "arm64"; do + tar -czf attestation-$arch.tar.gz $(ls policy-server-attestation-$arch-*) + done + - name: Upload release assets id: upload_release_assets uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 @@ -93,12 +99,8 @@ jobs: let path = require('path'); let files = [ - 'policy-server-sbom-amd64.spdx', - 'policy-server-sbom-amd64.spdx.cert', - 'policy-server-sbom-amd64.spdx.sig', - 'policy-server-sbom-arm64.spdx', - 'policy-server-sbom-arm64.spdx.cert', - 'policy-server-sbom-arm64.spdx.sig', + 'attestation-amd64.tar.gz', + 'attestation-arm64.tar.gz', 'kubewarden-dashboard.json'] const {RELEASE_ID} = process.env diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml deleted file mode 100644 index d8173340..00000000 --- a/.github/workflows/sbom.yml +++ /dev/null @@ -1,87 +0,0 @@ -name: Generate SBOMs - -on: - workflow_call: - inputs: - image-digest: - type: string - required: true - -jobs: - sbom: - name: Generate SBOM, sign and attach them to OCI image - strategy: - matrix: - arch: [amd64, arm64] - - permissions: - packages: write - id-token: write - - runs-on: ubuntu-latest - steps: - # this is required to obtain the syft configuration - - name: Checkout code - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - - - name: Install cosign - uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 - - - name: Install the syft command - uses: kubewarden/github-actions/syft-installer@d94509d260ee11a92b4f65bc0acd297feec24d7f # v3.3.5 - - - name: Install the crane command - uses: kubewarden/github-actions/crane-installer@d94509d260ee11a92b4f65bc0acd297feec24d7f # v3.3.5 - - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Find platform digest - shell: bash - run: | - set -e - DIGEST=$(crane digest \ - --platform "linux/${{ matrix.arch }}" \ - ghcr.io/${{ github.repository_owner }}/policy-server@${{ inputs.image-digest }}) - echo "PLATFORM_DIGEST=${DIGEST}" >> "$GITHUB_ENV" - - - name: Create SBOM file - shell: bash - run: | - syft \ - -o spdx-json \ - --file policy-server-sbom-${{ matrix.arch }}.spdx \ - ghcr.io/${{ github.repository_owner }}/policy-server@${{ env.PLATFORM_DIGEST }} - - - name: Sign SBOM file - run: | - cosign sign-blob --yes \ - --output-certificate policy-server-sbom-${{ matrix.arch }}.spdx.cert \ - --output-signature policy-server-sbom-${{ matrix.arch }}.spdx.sig \ - policy-server-sbom-${{ matrix.arch }}.spdx - - - name: Attach SBOM file in the container image - shell: bash - run: | - cosign attach \ - sbom --sbom policy-server-sbom-${{ matrix.arch }}.spdx \ - ghcr.io/${{ github.repository_owner }}/policy-server@${{ env.PLATFORM_DIGEST }} - - - name: Sign SBOM file pushed to OCI registry - shell: bash - run: | - set -e - SBOM_TAG="$(echo ${{ env.PLATFORM_DIGEST }} | sed -e 's/:/-/g').sbom" - - cosign sign --yes \ - ghcr.io/${{github.repository_owner}}/policy-server:${SBOM_TAG} - - - name: Upload SBOMs as artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: sbom-${{ matrix.arch }} - path: policy-server-sbom-${{ matrix.arch }}* diff --git a/.github/workflows/sign-image.yml b/.github/workflows/sign-image.yml index f6fb53c5..d8c1dbca 100644 --- a/.github/workflows/sign-image.yml +++ b/.github/workflows/sign-image.yml @@ -30,3 +30,10 @@ jobs: run: | cosign sign --yes \ ghcr.io/${{github.repository_owner}}/policy-server@${{ inputs.image-digest }} + + - name: Verify container image signature + run: | + cosign verify \ + --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/${{github.repository_owner}}/policy-server/.github/workflows/sign-image.yml@${{ github.ref }}" \ + ghcr.io/${{ github.repository_owner }}/policy-server@${{ inputs.image-digest }} diff --git a/Dockerfile b/Dockerfile index edc5e005..393cc910 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,51 @@ -FROM rust:1.80-alpine AS build +FROM --platform=${BUILDPLATFORM} ghcr.io/cross-rs/aarch64-unknown-linux-musl:0.2.5 AS build-arm64 +ARG BUILDPLATFORM +ARG TARGETPLATFORM + +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --target aarch64-unknown-linux-musl --default-toolchain stable + +ENV PATH=/root/.cargo/bin:$PATH +RUN cargo --version + WORKDIR /usr/src -RUN apk add --no-cache musl-dev make +RUN mkdir /usr/src/policy-server +WORKDIR /usr/src/policy-server +COPY ./ ./ + +RUN cargo install --target aarch64-unknown-linux-musl --path . + +FROM --platform=${BUILDPLATFORM} ghcr.io/cross-rs/x86_64-unknown-linux-musl:0.2.5 AS build-amd64 +ARG BUILDPLATFORM +ARG TARGETPLATFORM + +RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --target x86_64-unknown-linux-musl --default-toolchain stable + +ENV PATH=/root/.cargo/bin:$PATH +RUN cargo --version + +WORKDIR /usr/src RUN mkdir /usr/src/policy-server WORKDIR /usr/src/policy-server COPY ./ ./ -RUN cargo install --target $(arch)-unknown-linux-musl --path . -FROM alpine AS cfg +RUN cargo install --target x86_64-unknown-linux-musl --path . + +FROM --platform=$BUILDPLATFORM alpine AS cfg RUN echo "policy-server:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd RUN echo "policy-server:x:65533:policy-server" >> /etc/group +FROM scratch AS copy-amd64 +COPY --from=build-amd64 --chmod=0755 /root/.cargo/bin/policy-server /policy-server + +FROM scratch AS copy-arm64 +COPY --from=build-arm64 --chmod=0755 /root/.cargo/bin/policy-server /policy-server + # Copy the statically-linked binary into a scratch container. -FROM scratch +FROM copy-${TARGETARCH} COPY --from=cfg /etc/passwd /etc/passwd COPY --from=cfg /etc/group /etc/group -COPY --from=build --chmod=0755 /usr/local/cargo/bin/policy-server /policy-server ADD Cargo.lock /Cargo.lock USER 65533:65533 EXPOSE 3000 diff --git a/Dockerfile.github b/Dockerfile.github deleted file mode 100644 index 22a933ca..00000000 --- a/Dockerfile.github +++ /dev/null @@ -1,23 +0,0 @@ -FROM alpine AS common -RUN echo "policy-server:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd -RUN echo "policy-server:x:65533:policy-server" >> /etc/group - -# amd64-specific -FROM scratch AS build-amd64 -COPY --from=common /etc/passwd /etc/passwd -COPY --from=common /etc/group /etc/group -COPY --chmod=0755 policy-server-x86_64 /policy-server -ADD Cargo.lock /Cargo.lock - -# arm64-specific -FROM scratch AS build-arm64 -COPY --from=common /etc/passwd /etc/passwd -COPY --from=common /etc/group /etc/group -COPY --chmod=0755 policy-server-aarch64 /policy-server -ADD Cargo.lock /Cargo.lock - -# common final steps -FROM build-${TARGETARCH} -USER 65533:65533 -EXPOSE 3000 -ENTRYPOINT ["/policy-server"] diff --git a/Makefile b/Makefile index 576b3a98..99854e04 100644 --- a/Makefile +++ b/Makefile @@ -2,6 +2,8 @@ SHELL := /bin/bash IMG ?= policy-server:latest BINDIR ?= bin SBOM_GENERATOR_TOOL_VERSION ?= v0.0.15 +CONTAINER_PLATFORM?=linux/amd64 # or linux/arm64 + SOURCE_FILES := $(shell test -e src/ && find src -type f) @@ -58,7 +60,7 @@ tag: .PHONY: docker-build docker-build: test ## Build docker image with the manager. - docker build -t ${IMG} . + docker build --platform $(CONTAINER_PLATFORM) -t ${IMG} . bin: mkdir $(BINDIR) diff --git a/README.md b/README.md index f7ea875c..e1823767 100644 --- a/README.md +++ b/README.md @@ -222,10 +222,146 @@ $ make build # Software bill of materials -Policy server has its software bill of materials (SBOM) published every release. -It follows the [SPDX](https://spdx.dev/) version 2.2 format and it can be found -together with the signature and certificate used to signed it in the -[release assets](https://github.com/kubewarden/policy-server/releases) +Policy server has its software bill of materials (SBOM +[SPDX](https://spdx.dev/)) and +[Provenance](https://slsa.dev/spec/v1.0/provenance) files published every +release. Both files are generated by [Docker +buildx](https://docs.docker.com/build/metadata/attestations/) during the build +process and stored in the container registry together with the container image +as well as uploaded to the release page. + +After the container image building, the container image and their attestations +are signed using cosign. The attestation files are stoed inside a tarball with +the checksum file with the md5sum for the files there. Therefore, after +downloading the attestation files from the [release +page](https://github.com/kubewarden/policy-server/releases), extracting them, +you can verify the checksum file signature using the following command: + +```shell +cosign verify-blob --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/kubewarden/policy-server/.github/workflows/attestation.yml@refs/tags/v1.17.0" \ + --bundle policy-server-attestation-arm64-checksum-cosign.bundle \ + policy-server-attestation-arm64-checksum.txt +``` + +If you want to verify the attestation manifest and its layer signatures, you +can use the following command: + +```shell +cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/kubewarden/policy-server/.github/workflows/attestation.yml@refs/tags/v1.17.0 \ + ghcr.io/kubewarden/policy-server@sha256:1abc0944378d9f3ee2963123fe84d045248d320d76325f4c2d4eb201304d4c4e +``` + +Remember that the sha256 hash is the digest of the attestation manifest or its +layers. Therefore, you need to find this info in the registry using the UI or +tools like `crane`. For example, the following command will show you all the +attestation manifests of the `latest` tag: + +```shell +crane manifest ghcr.io/kubewarden/policy-server:latest | jq '.manifests[] | select(.annotations["vnd.docker.reference.type"]=="attestation-manifest")' +{ + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "digest": "sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8", + "size": 1655, + "annotations": { + "vnd.docker.reference.digest": "sha256:611d499ec9a26034463f09fa4af4efe2856086252d233b38e3fc31b0b982d369", + "vnd.docker.reference.type": "attestation-manifest" + }, + "platform": { + "architecture": "unknown", + "os": "unknown" + } +} +{ + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "digest": "sha256:e0cd736c2241407114256e09a4cdeef55eb81dcd374c5785c4e5c9362a0088a2", + "size": 1655, + "annotations": { + "vnd.docker.reference.digest": "sha256:03e5db83a25ea2ac498cf81226ab8db8eb53a74a2c9102e4a1da922d5f68b70f", + "vnd.docker.reference.type": "attestation-manifest" + }, + "platform": { + "architecture": "unknown", + "os": "unknown" + } +} +``` + +Then you can use the `digest` field to verify the attestation manifest and its +layers signatures. + +```shell +cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/kubewarden/policy-server/.github/workflows/attestation.yml@refs/tags/v1.17.0 \ + ghcr.io/kubewarden/policy-server@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 + +crane manifest ghcr.io/kubewarden/policy-server@sha256:fc01fa6c82cffeffd23b737c7e6b153357d1e499295818dad0c7d207f64e6ee8 +{ + "schemaVersion": 2, + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "config": { + "mediaType": "application/vnd.oci.image.config.v1+json", + "digest": "sha256:eda788a0e94041a443eca7286a9ef7fce40aa2832263f7d76c597186f5887f6a", + "size": 463 + }, + "layers": [ + { + "mediaType": "application/vnd.in-toto+json", + "digest": "sha256:563689cdee407ab514d057fe2f8f693189279e10bfe4f31f277e24dee00793ea", + "size": 94849, + "annotations": { + "in-toto.io/predicate-type": "https://spdx.dev/Document" + } + }, + { + "mediaType": "application/vnd.in-toto+json", + "digest": "sha256:7ce0572628290373e17ba0bbb44a9ec3c94ba36034124931d322ca3fbfb768d9", + "size": 7363045, + "annotations": { + "in-toto.io/predicate-type": "https://spdx.dev/Document" + } + }, + { + "mediaType": "application/vnd.in-toto+json", + "digest": "sha256:dacf511c5ec7fd87e8692bd08c3ced2c46f4da72e7271b82f1b3720d5b0a8877", + "size": 71331, + "annotations": { + "in-toto.io/predicate-type": "https://spdx.dev/Document" + } + }, + { + "mediaType": "application/vnd.in-toto+json", + "digest": "sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d", + "size": 980, + "annotations": { + "in-toto.io/predicate-type": "https://spdx.dev/Document" + } + }, + { + "mediaType": "application/vnd.in-toto+json", + "digest": "sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca", + "size": 13838, + "annotations": { + "in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2" + } + } + ] +} + +cosign verify --certificate-oidc-issuer=https://token.actions.githubusercontent.com \ + --certificate-identity-regexp="https://github.com/kubewarden/policy-server/.github/workflows/attestation.yml@refs/tags/v1.17.0 \ + ghcr.io/kubewarden/policy-server@sha256:594da3e8bd8c6ee2682b0db35857933f9558fd98ec092344a6c1e31398082f4d +``` + +Note that each attestation manifest (for each architecture) has its own layers. +Each layer is a different SBOM SPDX or provenance files generated by Docker +Buildx during the multi stage build process. You can also use `crane` to +download the attestation file: + +```shell +crane blob ghcr.io/kubewarden/policy-server@sha256:7738d8d506c6482aaaef1d22ed920468ffaf4975afd28f49bb50dba2c20bf2ca +``` # Security