
[FEATURE][SECURITY]: Container image signing and verification - Sigstore/Cosign integration #2235

@crivetimihai

Description


🔏 Plugin: Container Image Signing & Verification - Sigstore/Cosign Integration

Goal

Implement a Container Image Signing & Verification Plugin using Sigstore/Cosign to cryptographically verify container image provenance and integrity before MCP servers are deployed to the gateway.

Why Now?

  1. Supply Chain Security: Unsigned images can be tampered with in transit or at rest
  2. Provenance Verification: Need to verify images come from trusted sources
  3. Compliance Requirements: FedRAMP, SLSA, and SOC2 increasingly require signed artifacts
  4. Industry Standard: Sigstore/Cosign is the CNCF-graduated standard for container signing
  5. Zero-Trust Architecture: "Never trust, always verify" applies to container images
  6. Existing Assessment Pipeline: Integrates naturally with [EPIC][SECURITY]: MCP server security posture assessment - Pre-deployment scanning and validation #2215 and [FEATURE][SECURITY]: Container vulnerability scanner - Trivy/Grype integration #2216

📖 User Stories

US-1: Security Admin - Require Signed Images

As a Security Administrator
I want to require cryptographically signed container images
So that only verified images from trusted sources are deployed

Acceptance Criteria:

```gherkin
Given image signing policy is enabled:
  signing_policy:
    require_signature: true
    trusted_keys:
      - keyless: true
        issuer: "https://accounts.google.com"
        subject: "build@example.com"
When an unsigned image is submitted:
Then deployment is blocked with:
  "Image ghcr.io/org/server:v1 is not signed. Signature required."
When a properly signed image is submitted:
Then signature is verified against trusted keys
And deployment proceeds if valid
```

US-2: DevOps Engineer - Verify SLSA Provenance

As a DevOps Engineer
I want SLSA provenance attestations verified
So that I can trust the build process that created the image

Acceptance Criteria:

```gherkin
Given SLSA verification is enabled:
When an image with SLSA attestation is submitted:
Then the plugin should:
  - Fetch attestation from registry
  - Verify attestation signature
  - Check SLSA level (L1, L2, L3)
  - Verify builder identity
  - Verify source repository
And if SLSA level >= required level:
  deployment proceeds
Else:
  deployment blocked with SLSA level mismatch
```
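The steps above, carried through in code as an added example (not the gateway's own implementation). The input is the output of `cosign verify-attestation --type slsaprovenance -o json`, which has already verified the attestation signature; this code does the remaining checks: the attestation's subject digest must be the digest of the image being deployed, the builder identity must match a trusted builder prefix, the source repository must be one the policy allows, and the SLSA level the builder provides must reach the policy's minimum. The DSSE/in-toto field layout, the builder-prefix-to-level table and the sample statement are assumptions and constructed data.

```python
"""SLSA provenance checks for an image (added example, not gateway code). Input is what
`cosign verify-attestation --type slsaprovenance -o json` prints once it has verified the
attestation signature: one DSSE envelope per line whose base64 payload is an in-toto Statement
(assumed shape; the sample below is constructed). Builder-to-level mapping is a policy assumption."""
import base64
import json
from dataclasses import dataclass
from typing import Optional

SLSA_PREDICATES = ("https://slsa.dev/provenance/v0.2", "https://slsa.dev/provenance/v1")


@dataclass
class SlsaPolicy:
    require_attestation: bool
    minimum_level: int
    trusted_builders: dict            # builder id prefix -> SLSA build level it provides
    allowed_source_prefixes: tuple = ()


@dataclass
class SlsaResult:                     # mirrors slsa_level / slsa_builder / verification_error
    passed: bool
    slsa_level: Optional[int] = None
    slsa_builder: Optional[str] = None
    source_uri: Optional[str] = None
    error: Optional[str] = None


def decode_statements(cosign_output: str) -> list:
    """Decode each DSSE envelope's payload into an in-toto Statement dict."""
    statements = []
    for line in filter(str.strip, cosign_output.splitlines()):
        env = json.loads(line)
        if env.get("payloadType") == "application/vnd.in-toto+json":
            statements.append(json.loads(base64.b64decode(env["payload"])))
    return statements


def builder_and_source(predicate: dict):
    """v0.2 keeps builder.id and invocation.configSource.uri; v1 keeps runDetails.builder.id
    and buildDefinition.externalParameters (GitHub generator: workflow.repository). Assumed layout."""
    builder = (predicate.get("builder") or predicate.get("runDetails", {}).get("builder") or {}).get("id")
    src = predicate.get("invocation", {}).get("configSource", {}).get("uri")
    if not src:
        src = predicate.get("buildDefinition", {}).get("externalParameters", {}).get("workflow", {}).get("repository")
    return builder, src


def check_slsa(cosign_output: str, image_digest: str, policy: SlsaPolicy) -> SlsaResult:
    statements = [s for s in decode_statements(cosign_output) if s.get("predicateType") in SLSA_PREDICATES]
    if not statements:
        if policy.require_attestation:
            return SlsaResult(False, error="no SLSA provenance attestation found")
        return SlsaResult(True)
    for st in statements:
        # The attestation must be about THIS image: a subject digest must equal the manifest digest.
        subjects = {f"sha256:{s.get('digest', {}).get('sha256')}" for s in st.get("subject", [])}
        if image_digest not in subjects:
            continue
        builder, src = builder_and_source(st.get("predicate", {}))
        level = next((lvl for prefix, lvl in policy.trusted_builders.items()
                      if builder and builder.startswith(prefix)), None)
        if level is None:
            return SlsaResult(False, None, builder, src, f"builder {builder} is not trusted")
        if policy.allowed_source_prefixes and not (src or "").startswith(policy.allowed_source_prefixes):
            return SlsaResult(False, level, builder, src, f"source {src} is not an allowed repository")
        if level < policy.minimum_level:
            return SlsaResult(False, level, builder, src,
                              f"SLSA level mismatch: builder provides L{level}, policy requires L{policy.minimum_level}")
        return SlsaResult(True, level, builder, src)
    return SlsaResult(False, error=f"no provenance attestation names digest {image_digest}")


# Constructed sample: a v0.2 statement as the slsa-github-generator container workflow would emit.
SAMPLE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v0.1",
    "predicateType": "https://slsa.dev/provenance/v0.2",
    "subject": [{"name": "ghcr.io/org/server", "digest": {"sha256": SAMPLE_DIGEST.split(":")[1]}}],
    "predicate": {
        "builder": {"id": "https://github.com/slsa-framework/slsa-github-generator/"
                          ".github/workflows/generator_container_slsa3.yml@refs/tags/vX.Y.Z"},
        "invocation": {"configSource": {"uri": "git+https://github.com/myorg/server@refs/tags/v1",
                                        "entryPoint": ".github/workflows/release.yml"}},
    },
}
SAMPLE_OUTPUT = json.dumps({"payloadType": "application/vnd.in-toto+json",
                            "payload": base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode(),
                            "signatures": [{"keyid": "", "sig": "constructed"}]})
POLICY = SlsaPolicy(True, 2, {"https://github.com/slsa-framework/slsa-github-generator": 3},
                    ("git+https://github.com/myorg/",))


def demo(minimum_level: int = 2) -> SlsaResult:
    policy = SlsaPolicy(True, minimum_level, POLICY.trusted_builders, POLICY.allowed_source_prefixes)
    return check_slsa(SAMPLE_OUTPUT, SAMPLE_DIGEST, policy)
```

The digest check is the one most often skipped: without it an attacker-controlled registry could present a valid attestation for some other, legitimately built image. Note also that the level comes from the policy's trusted-builder table, not from the attestation itself; provenance does not self-declare its SLSA level, so the gateway must decide which builders it credits with which level.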

US-3: Platform Admin - Manage Trusted Keys

As a Platform Administrator
I want to manage trusted signing keys and identities
So that I can control which signers are trusted

Acceptance Criteria:

```gherkin
Given I access /admin/security/signing:
When I manage trusted signers:
Then I can:
  - Add keyless identities (OIDC issuer + subject)
  - Add public keys (PEM format)
  - Add key references (KMS, Vault)
  - Set expiration dates
  - Enable/disable signers
And changes take effect immediately
```

🏗 Architecture

Verification Flow

```mermaid
sequenceDiagram
    participant Assess as Assessment Service
    participant Plugin as Signing Plugin
    participant Cosign as Cosign CLI
    participant Registry as Container Registry
    participant Rekor as Rekor Transparency Log

    Assess->>Plugin: Verify image signature
    Plugin->>Registry: Fetch image manifest
    Registry-->>Plugin: Manifest + digest

    Plugin->>Cosign: cosign verify <image>
    Cosign->>Registry: Fetch signature
    Cosign->>Rekor: Verify transparency log entry
    Rekor-->>Cosign: Log entry valid
    Cosign->>Cosign: Verify signature against trusted keys
    Cosign-->>Plugin: Verification result

    alt Signature Valid
        Plugin->>Plugin: Check SLSA attestation (optional)
        Plugin-->>Assess: Verified (signer, timestamp, SLSA level)
    else Signature Invalid/Missing
        Plugin-->>Assess: Verification failed (reason)
    end
```

Signing Policy Schema

```yaml
signing_policy:
  # Require signatures
  require_signature: true

  # Trusted signers (any match = trusted)
  trusted_signers:
    # Keyless (OIDC-based) signers
    - type: keyless
      issuer: "https://accounts.google.com"
      subject: "builder@example.com"

    - type: keyless
      issuer: "https://token.actions.githubusercontent.com"
      subject_regex: "https://github.com/myorg/.*"

    # Public key signers
    - type: public_key
      key: |
        -----BEGIN PUBLIC KEY-----
        MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...
        -----END PUBLIC KEY-----

    # KMS-based keys
    - type: kms
      key_ref: "gcpkms://projects/myproject/locations/global/keyRings/myring/cryptoKeys/mykey"

  # SLSA requirements
  slsa:
    require_attestation: true
    minimum_level: 2
    trusted_builders:
      - "https://github.com/slsa-framework/slsa-github-generator"
```
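How the trusted-signer part of this schema and the verification flow above fit together, as an added example that is not the gateway's code: one `cosign verify` invocation per active trusted signer (keyless identity pinned with the issuer and exact-or-regex subject, or a key/KMS reference), the JSON cosign prints parsed back, the signed digest re-checked against the manifest digest the gateway resolved itself, and the enabled/expiry state from US-3 honoured. It serves US-1 (the unsigned-image error text) as well as this schema. Assumptions: cosign v2 flag names, the `-o json` record layout, cosign's "no signatures found" error wording, and the `runner` indirection (a real deployment passes a wrapper around `subprocess.run`); the sample output and the fake CLI are constructed.

```python
"""Signing-policy evaluation around `cosign verify` (added example, not gateway code). Assumes
cosign v2 flags and the JSON `cosign verify -o json` prints: records with
critical.image.docker-manifest-digest and, for keyless signatures, optional.Issuer / optional.Subject."""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Callable, Optional


@dataclass
class TrustedSigner:
    type: str                            # keyless | public_key | kms
    issuer: Optional[str] = None         # keyless: OIDC issuer, exact match
    subject: Optional[str] = None        # keyless: exact subject
    subject_regex: Optional[str] = None  # keyless: anchored regex on subject
    key: Optional[str] = None            # PEM file path or KMS URI
    enabled: bool = True
    expires_at: Optional[datetime] = None

    def is_active(self, now):
        return self.enabled and (self.expires_at is None or now < self.expires_at)

    def matches_identity(self, issuer, subject):
        if self.type != "keyless" or issuer != self.issuer or subject is None:
            return False
        if self.subject is not None:
            return subject == self.subject
        return bool(self.subject_regex) and re.fullmatch(self.subject_regex, subject) is not None


@dataclass
class VerificationResult:                # mirrors the signature_verifications columns
    signature_found: bool
    signature_valid: bool
    signer_identity: Optional[str] = None
    signer_issuer: Optional[str] = None
    verification_error: Optional[str] = None


def cosign_verify_command(image, signer, cosign_path="cosign", verify_transparency_log=True):
    """Pin one cosign invocation to ONE trusted signer (identity or key)."""
    cmd = [cosign_path, "verify", "--output", "json"]
    if signer.type == "keyless":
        cmd += ["--certificate-oidc-issuer", signer.issuer]
        if signer.subject is not None:
            cmd += ["--certificate-identity", signer.subject]
        else:
            cmd += ["--certificate-identity-regexp", signer.subject_regex]
    else:
        cmd += ["--key", signer.key]     # PEM path or a KMS URI such as gcpkms://...
    if not verify_transparency_log:
        cmd.append("--insecure-ignore-tlog=true")
    return cmd + [image]


def verify_image(image, expected_digest, signers, runner: Callable, now=None):
    """runner(cmd) -> (exit code, stdout, stderr); in production wrap subprocess.run. Accepts the
    first signature cosign validates for an active signer whose digest equals the one we resolved."""
    now = now or datetime.now(timezone.utc)
    found, reason = False, "signature present but no trusted signer matched"
    for signer in (s for s in signers if s.is_active(now)):
        rc, out, err = runner(cosign_verify_command(image, signer))
        if rc != 0:
            found |= "no signatures found" not in err  # assumed cosign wording for an unsigned image
            continue
        for rec in json.loads(out):
            found = True
            digest = rec["critical"]["image"]["docker-manifest-digest"]
            issuer = rec.get("optional", {}).get("Issuer")
            subject = rec.get("optional", {}).get("Subject")
            if digest != expected_digest:
                reason = f"signed digest {digest} != resolved digest {expected_digest}"
            elif signer.type != "keyless" or signer.matches_identity(issuer, subject):
                return VerificationResult(True, True, subject, issuer)
    if not found:
        return VerificationResult(False, False, verification_error=f"Image {image} is not signed. Signature required.")
    return VerificationResult(True, False, verification_error=reason)


# Constructed stand-ins for `cosign verify -o json` output and for the CLI itself.
SAMPLE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_COSIGN_OUTPUT = json.dumps([{
    "critical": {"image": {"docker-manifest-digest": SAMPLE_DIGEST}},
    "optional": {"Issuer": "https://token.actions.githubusercontent.com",
                 "Subject": "https://github.com/myorg/server/.github/workflows/release.yml@refs/tags/v1"},
}])
SAMPLE_SIGNERS = [TrustedSigner("keyless", issuer="https://token.actions.githubusercontent.com",
                                subject_regex=r"https://github\.com/myorg/.*")]


def fake_cosign(signed: bool) -> Callable:
    def run(cmd):
        return (0, SAMPLE_COSIGN_OUTPUT, "") if signed else (1, "", "Error: no signatures found")
    return run


def demo(signed=True, expected_digest=SAMPLE_DIGEST) -> VerificationResult:
    return verify_image("ghcr.io/org/server:v1", expected_digest, SAMPLE_SIGNERS, fake_cosign(signed))
```

Two design points worth keeping when this becomes the real plugin: cosign is invoked once per trusted signer with the identity or key pinned on the command line, so a signature from an unlisted signer can never be accepted by accident, and the digest in cosign's output is compared with the digest the gateway fetched from the manifest, so a tag that was re-pointed between assessment and deployment fails closed.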

Database Schema

```sql
-- Trusted signers
CREATE TABLE trusted_signers (
    id UUID PRIMARY KEY,
    name VARCHAR(100) NOT NULL,
    signer_type VARCHAR(20) NOT NULL,  -- keyless, public_key, kms

    -- Keyless fields
    oidc_issuer VARCHAR(255),
    subject_pattern VARCHAR(255),

    -- Key fields
    public_key TEXT,
    kms_key_ref VARCHAR(500),

    enabled BOOLEAN DEFAULT TRUE,
    expires_at TIMESTAMP,

    created_by VARCHAR(255),
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Signature verification results
CREATE TABLE signature_verifications (
    id UUID PRIMARY KEY,
    assessment_id UUID REFERENCES security_assessments(id),

    image_ref VARCHAR(500) NOT NULL,
    image_digest VARCHAR(100),

    signature_found BOOLEAN NOT NULL,
    signature_valid BOOLEAN,

    signer_identity VARCHAR(255),
    signer_issuer VARCHAR(255),
    signed_at TIMESTAMP,

    slsa_level INTEGER,
    slsa_builder VARCHAR(255),

    verification_error TEXT,

    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
```

📋 Implementation Tasks

  • Cosign Integration

    • Cosign CLI wrapper
    • Signature verification
    • Keyless verification (Fulcio)
    • Transparency log verification (Rekor)
  • SLSA Attestation

    • Attestation fetching
    • Attestation verification
    • SLSA level extraction
    • Builder identity verification
  • Trusted Signer Management

    • Database schema migration
    • CRUD API for signers
    • Key formats support (PEM, KMS refs)
    • OIDC identity patterns
  • Plugin Implementation

  • Admin UI

    • Trusted signers management
    • Verification results display
    • Policy configuration
  • Testing

    • Unit tests with signed images
    • Integration tests with Sigstore
    • Invalid signature tests

⚙️ Configuration Example

```yaml
plugins:
  - name: "ImageSigningPlugin"
    kind: "plugins.image_signing.image_signing.ImageSigningPlugin"
    hooks:
      - assessment_post_container_scan
    mode: "enforce"
    priority: 12

    config:
      # Verification settings
      verification:
        require_signature: true
        verify_transparency_log: true
        offline_mode: false

      # SLSA settings
      slsa:
        require_attestation: false
        minimum_level: 1

      # Trusted signers (inline or reference DB)
      trusted_signers:
        - type: keyless
          issuer: "https://token.actions.githubusercontent.com"
          subject_regex: "https://github.com/IBM/.*"

      # Cosign settings
      cosign:
        path: "/usr/local/bin/cosign"
        timeout_seconds: 30
```

✅ Success Criteria

  • Cosign signature verification working
  • Keyless (OIDC) verification supported
  • SLSA attestation verification
  • Trusted signer management in Admin UI
  • Integration with assessment pipeline
  • Rekor transparency log verification
  • 80%+ test coverage

🔗 Related Issues


📚 References
