The gap between build and production

A CI/CD pipeline builds a container image. That image is pushed to a registry. Later, Kubernetes pulls the image and runs it in production. Between build and deployment there are multiple points where the image could be modified, replaced or tampered with — and in most organizations there is no mechanism to verify that what runs in production is exactly what the pipeline built.

This is not a theoretical threat. Supply chain attacks targeting container registries, compromised build environments and malicious image replacement are documented attack vectors. The SolarWinds attack demonstrated that even sophisticated organizations can fail to detect artifact tampering in their delivery pipeline.

Why checksums are not enough

A SHA256 hash confirms that a file has not been modified — but it doesn’t tell you who built it, when, or from what source code. Anyone with write access to the registry can push a new image with a different hash. The hash verifies integrity after you decide to trust it — it doesn’t help you decide whether to trust it in the first place.

Cryptographic signing as the solution

Cosign (part of the Sigstore project) adds cryptographic signatures to container images. The pipeline signs the image after building it, and Kubernetes verifies the signature before running it. If the signature doesn’t match — the image is rejected. No exceptions.

The key property: the signature is tied to a specific identity (the pipeline that built it), a specific source (the Git commit), and a specific moment in time (recorded in the Rekor transparency log). An auditor can independently verify that a production image was built by an authorized pipeline from authorized source code — without access to your infrastructure.

SLSA frameworkSupply-chain Levels for Software Artifacts (SLSA) defines maturity levels for supply chain security. Level 2 requires signed provenance — evidence of where and how an artifact was built. Cosign + SBOM attestation is the most common implementation path to SLSA Level 2 for container-based workflows.

What this looks like in practice

Adding Cosign signing to a pipeline is a matter of adding one step after docker build. Verification in Kubernetes uses an admission controller (e.g., Kyverno or Sigstore policy-controller) that checks signatures before allowing pods to run. The overhead is minimal — seconds per deployment.

The result: every image in production has a verifiable provenance chain. The auditor gets cryptographic proof, not declarations.

Read also:

CosignSigstoreSupply ChainSecurity