You do not ship your code, you ship a graph of other people's code, built by a pipeline, pulled from registries you do not control. Supply chain security is about being able to prove where every artifact came from and refusing to run anything you cannot.
Sign what you build
Keyless signing with cosign uses your CI identity via OIDC, no long-lived keys to leak. Sign the image by digest, never by tag:
# sign in CI using the workflow OIDC identity (no stored keys)
cosign sign --yes \
registry.internal/api@sha256:9f2b...c1
# anyone can verify who built it and from where
cosign verify \
--certificate-identity-regexp 'https://github.com/acme/.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
registry.internal/api@sha256:9f2b...c1Generate and attach an SBOM
A Software Bill of Materials turns a future CVE scramble into a query. Generate one with syft and attach it as a signed attestation:
syft registry.internal/api@sha256:9f2b...c1 -o spdx-json > sbom.json
cosign attest --yes --predicate sbom.json --type spdxjson \
registry.internal/api@sha256:9f2b...c1Verify at admission, not in a wiki
A control nobody enforces is a suggestion. Block unsigned images at the cluster door with a Kyverno policy:
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata: { name: require-signed-images }
spec:
validationFailureAction: Enforce
rules:
- name: verify-signature
match:
any: [{ resources: { kinds: [Pod] } }]
verifyImages:
- imageReferences: ["registry.internal/*"]
attestors:
- entries:
- keyless:
issuer: https://token.actions.githubusercontent.com
subject: "https://github.com/acme/*"Aim for SLSA, level by level
Scripted build, no manual artifact creation
Build service generates provenance automatically
Provenance is signed and non-falsifiable
Two-person review and hermetic, reproducible builds
Pin dependencies by digest, not floating tags
Keep provenance for every artifact you deploy
Fail closed: if verification fails, the pod does not start
Trust is not a vibe. It is a signature you can verify and a policy that refuses everything else.
Sign, attest, and verify, three steps that turn your registry from an act of faith into a chain of custody. In a world of dependency confusion and poisoned tags, provenance is the control that pays for itself the first time it says no.



