Home Posts Supply Chain Security: Automating SBOMs & Signed Attestation
Security Deep-Dive

Supply Chain Security: Automating SBOMs & Signed Attestations

Supply Chain Security: Automating SBOMs & Signed Attestations
Dillip Chowdary
Dillip Chowdary
Tech Entrepreneur & Innovator · April 22, 2026 · 12 min read

Bottom Line

Cryptographic signatures and machine-readable SBOMs are the new baseline for production-grade software, shifting security from a reactive scan to a proactive, immutable proof of origin.

Key Takeaways

  • Syft provides the most comprehensive discovery for 15+ package ecosystems, generating industry-standard SBOMs in seconds.
  • Cosign’s keyless signing (via Sigstore) eliminates the operational overhead of private key management in CI/CD.
  • Attestations allow you to prove 'how' an image was built and 'who' built it, satisfying SLSA Level 3 requirements.
  • Verification at the admission controller level prevents unsigned or vulnerable images from ever reaching your cluster.

In 2026, the 'trust but verify' model of software distribution has been rendered obsolete by the sophistication of supply chain attacks. As organizations move toward SLSA (Supply-chain Levels for Software Artifacts) compliance, the manual verification of dependencies is being replaced by automated, cryptographically signed metadata. This guide demonstrates how to build a resilient 'Chain of Trust' by automating Software Bill of Materials (SBOM) generation and signed attestations directly within your deployment pipeline.

Prerequisites & Tools

Before we begin, ensure your environment meets these specifications. We will be using the Sigstore ecosystem for signing and Anchore's tooling for discovery.

Required Stack

  • Docker or Podman for local image management.
  • Syft 1.4.x (or later) for SBOM generation.
  • Cosign 2.4.x for cryptographic signing.
  • A GitHub account with Actions enabled for automation.
  • Access to a container registry (GHCR, Docker Hub, or AWS ECR).

Bottom Line

Automation of SBOMs and cryptographic signing is no longer a luxury; it is the fundamental requirement for SLSA Level 3 compliance and the only way to prevent unauthorized code from infiltrating your production clusters.

Step 1: Automated SBOM Generation with Syft

The first step is identifying every dependency, library, and OS package inside your container. Syft excels at this by performing a deep scan of the filesystem layers.

  1. Choose your format: While SPDX is common, CycloneDX has become the preferred choice for security automation due to its lightweight JSON structure.
    DimensionSPDXCycloneDXEdge
    ComplianceLegal/License focusSecurity focusCycloneDX
    ParsingHeavy (Tag-Value)Native JSON/XMLCycloneDX
    VEX SupportDevelopingFirst-classCycloneDX
  2. Generate the SBOM: Run the following command to output a JSON-formatted bill of materials for your image: 
    syft my-app:latest -o cyclonedx-json > sbom.json

Step 2: Keyless Image Signing with Cosign

In 2026, managing private GPG keys is a liability. Sigstore's Cosign allows for 'keyless' signing using OpenID Connect (OIDC). In a CI/CD environment like GitHub Actions, the runner receives a short-lived certificate tied to the repository's identity.

To sign an image locally using a key (if not using OIDC), you would first generate a pair:

cosign generate-key-pair
cosign sign --key cosign.key user/repo:tag

However, for automation, the --oidc-issuer flag is your best friend, as it leverages the platform's identity without requiring secrets stored in your environment.

Pro tip: Always sign the image by its digest (sha256:...) rather than its tag (:latest). Tags are mutable; digests are immutable. Signing a digest ensures the signature remains valid even if the tag is reassigned.

Step 3: CI/CD Pipeline Integration

Integrating these steps into GitHub Actions ensures that every build is accompanied by proof of its contents. Before publishing these artifacts, ensure any sensitive environment data is handled correctly—refer to our Data Masking Tool if you need to sanitize configuration outputs during the build process.

jobs:
  build-and-sign:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write # Required for keyless signing

    steps:
      - name: Generate SBOM
        uses: anchore/sbom-action@v0
        with:
          image: ghcr.io/${{ github.repository }}:latest
          format: cyclonedx-json
          output-file: ./sbom.json

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3.5.0

      - name: Sign Image and Attest SBOM
        run: |
          cosign sign --yes ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}
          cosign attest --yes --type cyclonedx --predicate ./sbom.json ghcr.io/${{ github.repository }}@${{ steps.build.outputs.digest }}

Verification & Expected Output

Once signed, anyone can verify the provenance of the image. This is what you should expect to see when running cosign verify:

cosign verify ghcr.io/my-org/my-app:latest \
  --certificate-identity https://github.com/my-org/my-app/.github/workflows/deploy.yml@refs/heads/main \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

Expected Output:

[
  {
    "critical": [
      {
        "Identity": "https://github.com/my-org/my-app/.github/workflows/deploy.yml@refs/heads/main",
        "Issuer": "https://token.actions.githubusercontent.com"
      }
    ],
    "optional": null,
    "verified": true
  }
]

Troubleshooting Top-3

1. Permission Denied (403) on Registry: This usually occurs because the GITHUB_TOKEN lacks packages: write permissions. Ensure your workflow has the explicit permissions block defined at the job level.

2. OIDC Provider Not Found: If keyless signing fails, verify that id-token: write is enabled. Without this, the runner cannot request the identity token from GitHub's OIDC provider.

3. Malformed SBOM Error: Some scanners fail if the CycloneDX version is too new (e.g., 1.6). Use the --format flag in Syft to pin to a compatible version like cyclonedx-json@1.4.

What's Next: Admission Control

Generating and signing data is only half the battle. The final step in a mature security posture is Policy Enforcement. By using Kyverno or Gatekeeper in your Kubernetes cluster, you can create a rule that rejects any pod whose container image does not have a valid signature from your CI/CD pipeline. This ensures that even if a registry is compromised, unauthorized images can never be executed in your production environment.

Frequently Asked Questions

What is the difference between a signature and an attestation? +
A signature proves the identity of the person or system that pushed the image. An attestation is a signed statement that includes additional metadata, such as an SBOM or vulnerability scan result, proving not just 'who' pushed it, but 'what' is inside it.
Does generating an SBOM slow down my CI/CD pipeline? +
Minimally. Tools like Syft are highly optimized and typically generate an SBOM for a standard microservice in under 10 seconds. The security benefits far outweigh the negligible latency.
Can I use keyless signing with private registries? +
Yes. While Sigstore's public transparency log (Rekor) is often used for public images, you can run a private Sigstore instance or use Cosign with private keys and local verification for internal registries.
Which SBOM format should I use in 2026? +
CycloneDX is currently the industry leader for security-focused automation and vulnerability management, whereas SPDX remains the standard for legal and licensing compliance. Most modern tools support both.

Get Engineering Deep-Dives in Your Inbox

Weekly breakdowns of architecture, security, and developer tooling — no fluff.

Found this useful? Share it.

Tweet Share

Related Deep-Dives

Security Deep-Dive

Implementing Zero Trust: A 2026 Practical Guide

Learn how to secure internal service communication using SPIFFE and mTLS.

 Cloud Infrastructure

Hardening Your CI/CD: Beyond Secret Management

Advanced strategies for securing GitHub Actions runners and OIDC workflows.