Feature Request: Container Image Signing, SBOM, and Attestation (attempt 2) #93
Description
Feature Request: Container Image Signing, SBOM, and Attestation
Requested by: Everworker DevSecOps Team
Date: 2026-02-03
Priority: High
Category: Security / Supply Chain Integrity
Executive Summary
We request the addition of optional container image signing, SBOM generation, and attestation capabilities to Simple Container CLI. This feature would enable organizations to meet modern software supply chain security requirements (NIST SP 800-218, SLSA, Executive Order 14028) directly within their existing sc workflows.
Business Justification
Compliance Requirements
Organizations are increasingly required to demonstrate software supply chain security:
| Standard | Requirement | Current Gap |
|---|---|---|
| NIST SP 800-218 (SSDF) | PS.1.1 - Generate and maintain SBOMs for distributed software | No native SBOM support |
| NIST SP 800-218 (SSDF) | PS.3.1 - Archive and protect build artifacts | No cryptographic signing |
| SLSA Level 2+ | Signed provenance for builds | No provenance attestation |
| Executive Order 14028 | Software supply chain security for federal contractors | Missing signing/SBOM |
| CIS Docker Benchmark | 5.3.1 - Sign container images | Not available |
| CIS Docker Benchmark | 5.3.4 - Maintain SBOM for images | Not available |
Customer Impact
- AWS Marketplace requires signed artifacts for listing
- Enterprise customers require SBOM for procurement
- Government contracts mandate EO 14028 compliance
- Security audits increasingly require supply chain attestation
Feature Specification
1. Image Signing (Cosign/Sigstore Integration)
Configuration
# sc stack configuration
signing:
enabled: true # Enable/disable signing (default: false)
provider: sigstore # Signing provider (sigstore, notation, custom)
keyless: true # Use keyless signing via OIDC (recommended)
# OR explicit key configuration:
# privateKey: ${secret:cosign-private-key}
# publicKey: ${secret:cosign-public-key}
verify:
enabled: true # Verify signatures after signing
oidc-issuer: "https://token.actions.githubusercontent.com"
identity-regexp: "^https://github.com/myorg/.*$"CLI Commands
# Sign an image after build/push
sc image sign --image docker.example.com/myapp:v1.0.0
# Sign with explicit key
sc image sign --image docker.example.com/myapp:v1.0.0 --key cosign.key
# Verify signature
sc image verify --image docker.example.com/myapp:v1.0.0
# Sign all images in a stack
sc stack sign -s mystack -e productionImplementation Notes
- Recommended Tool: Cosign v3.0.2+
- Keyless Signing: Use Sigstore/Fulcio for OIDC-based keyless signing
- Transparency Log: Signatures recorded in Rekor for public auditability
- CI/CD Integration: Requires
id-token: writepermission in GitHub Actions
2. SBOM Generation
Configuration
sbom:
enabled: true # Enable/disable SBOM generation (default: false)
format: cyclonedx-json # cyclonedx-json, spdx-json, syft-json
generator: syft # syft (recommended), trivy, or custom
attach:
enabled: true # Attach SBOM as in-toto attestation to image
sign: true # Sign the SBOM attestation
output:
local: ./sbom/ # Save SBOM locally
registry: true # Push to registry as attestationCLI Commands
# Generate SBOM for an image
sc sbom generate --image docker.example.com/myapp:v1.0.0 --format cyclonedx-json
# Generate and attach SBOM as attestation
sc sbom attach --image docker.example.com/myapp:v1.0.0 --sbom sbom.json
# Generate SBOM for all images in a stack
sc stack sbom -s mystack -e production --output ./sboms/
# Verify SBOM attestation
sc sbom verify --image docker.example.com/myapp:v1.0.0Implementation Notes
- Recommended Tool: Syft v1.41.0+
- Component Coverage: Syft detects 6,000+ components vs 2,000 for alternatives
- Format: CycloneDX JSON recommended for broad tooling compatibility
- Attestation Format: in-toto predicate type for OCI registry storage
3. SLSA Provenance Attestation
Configuration
provenance:
enabled: true # Enable/disable provenance (default: false)
version: "1.0" # SLSA provenance version
builder:
id: "https://github.com/myorg/myrepo"
metadata:
include-env: false # Include (sanitized) environment variables
include-materials: true # Include source materials (git refs)CLI Commands
# Generate and attach SLSA provenance
sc provenance attach --image docker.example.com/myapp:v1.0.0 \
--source-repo github.com/myorg/myrepo \
--git-sha abc123 \
--workflow-name "Release"
# Verify provenance
sc provenance verify --image docker.example.com/myapp:v1.0.0Implementation Notes
- SLSA Version: v1.0 provenance format
- Builder Identity: Derived from CI/CD environment (GitHub Actions, GitLab CI, etc.)
- Non-falsifiable: Requires keyless signing with OIDC identity
4. Vulnerability Scanning Integration
Configuration
security:
scan:
enabled: true # Enable vulnerability scanning (default: false)
tools:
- name: grype # Primary scanner
required: true # Fail if scanner fails
fail-on: critical # Fail on critical vulnerabilities (optional)
- name: trivy # Validation scanner (defense in depth)
required: true
upload:
defectdojo:
enabled: true
url: https://defectdojo.example.com
api-key: ${secret:defectdojo-api-key}CLI Commands
# Scan an image
sc image scan --image docker.example.com/myapp:v1.0.0
# Scan with specific tools
sc image scan --image docker.example.com/myapp:v1.0.0 --tools grype,trivy
# Scan all images in a stack
sc stack scan -s mystack -e productionIntegrated Workflow Example
Combined Release Workflow
# sc stack configuration for production releases
release:
signing:
enabled: true
keyless: true
sbom:
enabled: true
format: cyclonedx-json
attach: true
provenance:
enabled: true
security:
scan:
enabled: true
tools:
- name: grype
required: true
- name: trivy
required: trueCLI Usage
# Full release with signing, SBOM, provenance, and scanning
sc release create -s mystack -e production --version 2026.1.7
# This would automatically:
# 1. Build and push images
# 2. Generate SBOM for each image (Syft)
# 3. Scan images for vulnerabilities (Grype + Trivy)
# 4. Sign images with Cosign (keyless)
# 5. Attach SBOM as signed attestation
# 6. Attach SLSA provenance as signed attestation
# 7. Upload scan results to DefectDojo
# 8. Create Git tag and release notesNIST SP 800-218 Compliance Mapping
| SSDF Practice | Requirement | Simple Container Feature |
|---|---|---|
| PW.1.3 | Review code before deploying | Pre-deploy vulnerability scanning |
| PS.1.1 | Generate and maintain SBOMs | sc sbom generate |
| PS.3.1 | Archive and protect build artifacts | Signed images + Rekor transparency log |
| PS.3.2 | Verify integrity before use | sc image verify, sc sbom verify |
| RV.1.1 | Identify known vulnerabilities | sc image scan with dual-toolchain |
| RV.1.3 | Continuously monitor for vulnerabilities | DefectDojo integration |
SLSA Compliance Mapping
| SLSA Level | Requirement | Simple Container Feature |
|---|---|---|
| Level 1 | Build process fully scripted | sc CLI automation |
| Level 2 | Version control + signed provenance | Git integration + sc provenance attach |
| Level 3 | Hardened build platform + non-falsifiable provenance | Keyless signing via OIDC |
Implementation Recommendations
Tool Versions (Tested)
| Tool | Version | Purpose |
|---|---|---|
| Cosign | 3.0.2 | Image signing (via cosign-installer v4.0.0) |
| Syft | 1.41.0 | SBOM generation (6,265 components) |
| Grype | 0.106.0 | Primary vulnerability scanning |
| Trivy | 0.68.2 | Validation scanning (defense in depth) |
Performance Considerations
Based on our production experience with 9 services:
| Operation | Sequential | Parallel | Recommendation |
|---|---|---|---|
| SBOM Generation | 31s/image | 31s total | Parallelize per-service |
| Signing | 40s/image | 40s total | Parallelize with 0.5s stagger (OIDC rate limits) |
| Scanning | 89s/image | 58s/image | Run Grype + Trivy in parallel |
Error Handling
- Retry Logic: Implement exponential backoff for transient failures (network, registry)
- Required vs Optional: Allow configuration of which steps are required vs best-effort
- Fail-Fast: Option to stop on first failure or continue and report all failures
Alternative Approaches Considered
Option A: Shell Script Wrapper (Current Approach)
We currently implement signing in a 2,400-line bash script (release-images.sh). This works but has drawbacks:
- Complex maintenance
- Limited reusability across projects
- No standardized configuration
Option B: Native Simple Container Integration (Requested)
Integrated into sc CLI with YAML configuration:
- Consistent user experience
- Declarative configuration
- Reusable across all projects
- Maintained by Simple Container team
Option C: Separate Plugin
A plugin architecture could work but adds complexity for a security-critical feature.
Recommendation: Option B - Native integration provides the best security and user experience.
Questions for Simple Container Team
- Configuration Location: Should signing config be per-stack, per-environment, or global?
- Secrets Management: How should signing keys/credentials be securely stored?
- CI/CD Detection: Can
scauto-detect CI environment for OIDC configuration? - Registry Support: Which registries should be tested (ECR, Harbor, DockerHub, etc.)?
- Timeline: What is the feasibility for inclusion in the next major release?
Reference Implementation
We have a working implementation in our release-images.sh script that demonstrates:
- Parallel signing of 9 services (80% faster than sequential)
- Dual-toolchain scanning (Syft+Grype + Trivy)
- SBOM generation and attestation
- SLSA provenance attachment
- AWS Marketplace ECR publishing with signing
- Helm chart signing
We are happy to share this implementation as a reference and collaborate on the Simple Container integration.
Appendix: NIST SP 800-218 SSDF Reference
NIST Special Publication 800-218 - Secure Software Development Framework (SSDF)
Key practices addressed by this feature request:
- PS (Protect Software): Protect all forms of code from unauthorized access and tampering
- PW (Produce Well-Secured Software): Produce well-secured software with minimal security vulnerabilities
- RV (Respond to Vulnerabilities): Identify residual vulnerabilities and respond appropriately
Full document: https://csrc.nist.gov/publications/detail/sp/800-218/final
FYI @Cre-eD