Skip to content
opencomplai.com Get Started

Supply-Chain Security

Opencomplai ships official container images with cryptographic signatures and software bill of materials (SBOM) attestations. This page covers how the signatures are produced and how you can verify them before deploying.

How official images are signed

Every image published from this repository under ghcr.io/opencomplai/opencomplai/<service> is built, signed, and attested by the supply-chain.yml GitHub Actions workflow. The workflow runs on every version tag (v*.*.*) and on manual dispatch.

The signing uses cosign keyless mode, backed by the Sigstore public-good infrastructure (Rekor transparency log and Fulcio CA). No long-lived signing key is stored in CI. The signing identity is the workflow's OIDC token, scoped to the opencomplai/opencomplai repository and the supply-chain.yml workflow file.

The SBOM is generated by syft in SPDX-JSON format and attached to the image as a cosign in-toto attestation (--type spdxjson).

Verifying an image signature

cosign verify \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp "^https://github.com/Checkref-co/opencomplai/\.github/workflows/supply-chain\.yml@" \
  ghcr.io/opencomplai/opencomplai/gateway-api:1.0.0

The command exits 0 and prints the signing certificate when the signature is valid and the identity matches the expected workflow.

Verifying the SBOM attestation

Use the helper script bundled with the repository:

./scripts/verify-sbom.sh ghcr.io/opencomplai/opencomplai/gateway-api:1.0.0

It runs both cosign verify and cosign verify-attestation and decodes the predicate name from the SBOM payload.

SBOM format

The SBOM is SPDX-JSON (SPDX 2.3). You can extract it from the attestation and pipe it into other tooling:

cosign download attestation \
  --predicate-type https://spdx.dev/Document \
  ghcr.io/opencomplai/opencomplai/gateway-api:1.0.0 \
  | jq -r '.payload | @base64d | fromjson | .predicate' > gateway-api.spdx.json

Scanning for known vulnerabilities

syft and grype compose cleanly:

syft ghcr.io/opencomplai/opencomplai/gateway-api:1.0.0 -o spdx-json \
  | grype --fail-on high

CI runs an equivalent scan on every pull request via the vulnerability-scan job in ci-docker.yml. CRITICAL and HIGH fixable findings fail the build.