A practical Docker image supply chain: signed, scanned, attested
May 6, 2026 · 2 min read · by Sudhanshu K.
"My image scans clean" is not a supply chain. A supply chain is provable lineage from the source commit to the running container. Here's the minimum we ship for every customer.
The four artifacts
For every image we build, we produce:
- The image itself, tagged immutably (commit SHA, not latest)
- An SBOM (Software Bill of Materials) in SPDX or CycloneDX format
- A vulnerability scan report (Trivy or Grype)
- A signature (Cosign) over the digest + a signed attestation linking image to SBOM + scan + commit
These get pushed alongside the image into the same registry repository, linked to the image digest rather than to a tag: either Cosign's sha256-<digest>.sig / .att tag convention or, where the registry supports it, OCI 1.1 referrers. Either way, a consumer who has the digest can find everything that was attached to it.
Build pipeline
In GitHub Actions:
```yaml
- run: docker buildx build --output type=registry,name=${IMG} .
- run: syft ${IMG} -o cyclonedx-json > sbom.json
- run: trivy image --format json ${IMG} > scan.json
- run: cosign sign --yes ${IMG}
- run: cosign attest --predicate sbom.json --type cyclonedx --yes ${IMG}
- run: cosign attest --predicate scan.json --type vuln --yes ${IMG}
```

Keyless signing via Fulcio + Rekor means the signing identity is the workflow's GitHub Actions OIDC identity: Fulcio issues a short-lived certificate bound to the token's claims (repository, workflow file, ref), Rekor records the signature in its transparency log, and there are no long-lived keys to rotate. Two things to get right: the job needs the id-token: write permission or cosign cannot obtain the token, and IMG should be the pushed digest, not the commit-SHA tag, because a tag can be repointed after it was signed.
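The steps above assembled into a complete workflow. This is an added example, not the author's pipeline: the repository path ghcr.io/acme/shop, the workflow filename, and the action versions are assumptions. It differs from the bare steps in three ways a practitioner will want: it grants id-token: write, it pins every later command to the digest the push returned instead of the mutable tag, and it wraps Trivy's report in the vuln/v1 predicate schema that --type vuln names, so the attestation carries the scan timestamp the admission policy needs to reject stale scans.

```yaml
# .github/workflows/build.yml  (assumed path; the admission policy matches on it)
name: build-sign-attest

on:
  push:
    branches: [main]

permissions:
  contents: read
  packages: write   # push to GHCR
  id-token: write   # mint the OIDC token that Fulcio binds to the signing cert

env:
  IMAGE: ghcr.io/acme/shop   # assumed repository; ${{ github.repository }} works too

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: sigstore/cosign-installer@v3
      - uses: anchore/sbom-action/download-syft@v0
      - uses: aquasecurity/setup-trivy@v0

      # Immutable tag = commit SHA. The step's digest output is what gets signed;
      # a tag can be repointed after signing, a digest cannot.
      - name: Build and push
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          tags: ${{ env.IMAGE }}:${{ github.sha }}
          provenance: false   # keep a single manifest so one digest covers the image

      - name: Pin every later step to the pushed digest
        run: echo "REF=${IMAGE}@${{ steps.build.outputs.digest }}" >> "$GITHUB_ENV"

      - name: SBOM (CycloneDX)
        run: syft "${REF}" -o cyclonedx-json > sbom.json

      - name: Vulnerability scan, wrapped in the cosign vuln/v1 predicate schema
        run: |
          START="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
          trivy image --format json --output trivy.json "${REF}"
          END="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
          # Raw Trivy JSON carries no scan timestamp. The vuln/v1 schema expects
          # scanner.result plus metadata.scanStartedOn/scanFinishedOn, which is
          # what the cluster policy later checks for freshness.
          jq -n --arg s "$START" --arg e "$END" --slurpfile r trivy.json \
            '{scanner: {uri: "pkg:github/aquasecurity/trivy", result: $r[0]},
              metadata: {scanStartedOn: $s, scanFinishedOn: $e}}' > scan.json

      - name: Sign by digest (keyless: cert from Fulcio, entry in Rekor)
        run: cosign sign --yes "${REF}"

      - name: Attest SBOM and scan
        run: |
          cosign attest --yes --type cyclonedx --predicate sbom.json "${REF}"
          cosign attest --yes --type vuln --predicate scan.json "${REF}"
```

The certificate Fulcio issues for this job carries the subject https://github.com/acme/shop/.github/workflows/build.yml@refs/heads/main and the issuer https://token.actions.githubusercontent.com; that pair is what the cluster pins to, so renaming the workflow file or moving the build to another branch changes the identity and must be reflected in the policy.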
Admission policy
The Kubernetes cluster runs Kyverno (or OPA Gatekeeper) with a policy that refuses any pod whose image:
- Is not signed by an expected identity (the build pipeline's workload identity)
- Has a critical CVE in its scan attestation, or carries a scan attestation older than 7 days (a clean scan from last month says nothing about CVEs published since)
- Doesn't have an SBOM attestation at all
This means a developer cannot push an unsigned image into prod even if they have kubectl apply rights. The cluster will reject the pod before it schedules.
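The three rules above as one Kyverno ClusterPolicy. This is an added example written for this page, not the policy from the author's Medium post: the image prefix, the workflow subject and the Rekor URL are assumptions, and it expects the scan attestation to be in the vuln/v1 schema (scanner.result holding Trivy's report, metadata.scanFinishedOn holding the timestamp). A pod is admitted only if the image is signed by the pipeline's OIDC identity, has a CycloneDX SBOM attestation, and has a scan attestation that is under 168 hours old with zero CRITICAL findings.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-signed-attested-images
spec:
  validationFailureAction: Enforce
  background: false
  webhookTimeoutSeconds: 30   # keyless verification talks to Rekor; the default 10s is tight
  rules:
    - name: signature-sbom-scan
      match:
        any:
          - resources:
              kinds: [Pod]
      verifyImages:
        - imageReferences:
            - "ghcr.io/acme/shop*"   # assumed; scope to the repos the pipeline owns
          required: true
          mutateDigest: true         # rewrite tag references to the verified digest
          # The only acceptable signer is the build workflow's OIDC identity.
          # A keyless signature from a developer's laptop has a different subject
          # (an e-mail address) and fails here even though it is a valid Sigstore signature.
          attestors: &pipeline
            - entries:
                - keyless:
                    subject: "https://github.com/acme/shop/.github/workflows/build.yml@refs/heads/main"
                    issuer: "https://token.actions.githubusercontent.com"
                    rekor:
                      url: https://rekor.sigstore.dev
          attestations:
            # No SBOM attestation of this type -> verification fails -> pod rejected.
            - type: https://cyclonedx.org/bom
              attestors: *pipeline
              conditions:
                - all:
                    - key: "{{ bomFormat }}"
                      operator: Equals
                      value: CycloneDX
            # Scan must be fresh and free of CRITICAL findings.
            - type: https://cosign.sigstore.dev/attestation/vuln/v1
              attestors: *pipeline
              conditions:
                - all:
                    - key: "{{ time_since('', '{{ metadata.scanFinishedOn }}', '') }}"
                      operator: LessThanOrEquals
                      value: "168h"
                    # Trivy's report: Results[].Vulnerabilities[].Severity.
                    # The `[]` fallback keeps length() from erroring on a report
                    # with no Results at all (which would fail closed anyway).
                    - key: "{{ length(scanner.result.Results[].Vulnerabilities[] | [?Severity=='CRITICAL'] || `[]`) }}"
                      operator: Equals
                      value: 0
```

The &pipeline anchor only avoids repeating the attestor block; kubectl expands it client-side before the API server sees the manifest. Note that Kyverno's default resource filters skip kube-system, so system workloads are not covered by this rule, and that the deny message the developer sees on kubectl apply names which attestation or condition failed, which makes "why was my pod rejected" a one-line answer.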
What we monitor
- New CVEs that affect already-deployed images (Trivy DB updates daily; we re-scan in-place)
- Images running in production that haven't been rebuilt in N days
- Signature verification failures (alerts to PagerDuty)
- Drift between the SBOM at build time and what's actually running (usually means a sneaky apt install snuck in)
Full post on Medium has the Kyverno policies verbatim, the Cosign keyless setup, and the dashboard we use to track signature coverage across the whole estate.