groundforce Deploy us →
← All insights

Software Supply Chain Security: Sign, Attest, and Verify with Sigstore

You do not ship your code, you ship a graph of other people's code, built by a pipeline, pulled from registries you do not control. Supply chain security is about being able to prove where every artifact came from and refusing to run anything you cannot.

Sign what you build

Keyless signing with cosign uses your CI identity via OIDC, no long-lived keys to leak. Sign the image by digest, never by tag:

# sign in CI using the workflow OIDC identity (no stored keys)
cosign sign --yes \
 registry.internal/api@sha256:9f2b...c1

# anyone can verify who built it and from where
cosign verify \
 --certificate-identity-regexp 'https://github.com/acme/.*' \
 --certificate-oidc-issuer https://token.actions.githubusercontent.com \
 registry.internal/api@sha256:9f2b...c1

Generate and attach an SBOM

A Software Bill of Materials turns a future CVE scramble into a query. Generate one with syft and attach it as a signed attestation:

syft registry.internal/api@sha256:9f2b...c1 -o spdx-json > sbom.json
cosign attest --yes --predicate sbom.json --type spdxjson \
 registry.internal/api@sha256:9f2b...c1

Verify at admission, not in a wiki

A control nobody enforces is a suggestion. Block unsigned images at the cluster door with a Kyverno policy:

apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata: { name: require-signed-images }
spec:
 validationFailureAction: Enforce
 rules:
 - name: verify-signature
 match:
 any: [{ resources: { kinds: [Pod] } }]
 verifyImages:
 - imageReferences: ["registry.internal/*"]
 attestors:
 - entries:
 - keyless:
 issuer: https://token.actions.githubusercontent.com
 subject: "https://github.com/acme/*"

Aim for SLSA, level by level

  1. Scripted build, no manual artifact creation

  2. Build service generates provenance automatically

  3. Provenance is signed and non-falsifiable

  4. Two-person review and hermetic, reproducible builds

  • Pin dependencies by digest, not floating tags

  • Keep provenance for every artifact you deploy

  • Fail closed: if verification fails, the pod does not start

Trust is not a vibe. It is a signature you can verify and a policy that refuses everything else.


Sign, attest, and verify, three steps that turn your registry from an act of faith into a chain of custody. In a world of dependency confusion and poisoned tags, provenance is the control that pays for itself the first time it says no.

// READY TO DEPLOY

Have a problem that needs to ship?

Tell us the terrain. We’ll tell you the fastest path to production — and put a unit on the ground.