Trusted Artifacts
Roadmap — a curated catalog of hardened, minimal, signed base images with SBOM and SLSA provenance, plus (later) build-from-source and FIPS/STIG variants.
Trusted Artifacts
Roadmap — not yet available. Trusted Artifacts is a planned capability documented here for direction. It reuses the shipped container scanner, SBOM engine, and signing/provenance primitives, but the catalog and factory are not yet available.
Trusted Artifacts is planned as a source of hardened, minimal, signed base images with full supply-chain attestation — so the artifacts you build on start clean and provable. It is phased: a curated golden-image catalog with attestation first, then a build-from-source factory and FIPS/STIG variants as demand-gated later phases.
Phase 1 — curated catalog + attestation (planned first)
A curated set of hardened, minimal (distroless) base images — language runtimes and common services — each of which will carry:
- CVE tracking — scanned by the container scanner on ingest and rebuild, with recorded critical/high counts and a remediation SLA.
- Build-time SBOM — both SPDX 2.3 and CycloneDX 1.5, generated from image layers.
- Signature — a cosign/Sigstore signature over the image digest, with keys held in KMS/HSM only.
- SLSA provenance — an in-toto build-provenance attestation (builder identity, source ref, build params).
- Golden-image recommendation — given your current base image, the nearest hardened catalog equivalent and the CVE delta.
Consumers verify with a single command that runs signature, attestation, and SBOM retrieval — the same check a CI pipeline or admission controller calls:
safeguard artifacts verify <ref>Phase 2 — build-from-source, rebuild, FIPS/STIG (planned, demand-gated)
- Build-from-source factory — a melange/apko-style pipeline building each package from source into a minimal, pinned, reproducible, distroless image.
- Daily rebuild + CVE SLA — a continuous rebuild loop that re-scans and republishes with a fresh SBOM, signature, and provenance, trending CVE counts toward zero. "Zero-CVE" is stated honestly as no known CVEs at publish under SLA — not a perpetual guarantee.
- FIPS / STIG variants — images embedding a CMVP-validated crypto module in approved-only mode and STIG-hardened builds, for FedRAMP/DoD buyers.
How it connects
Trusted Artifacts is designed to bridge two other capabilities: an admission-control path can call the verify step to block unsigned, vulnerable, or non-attested images at deploy, and AI-SPM reuses the same signing and provenance machinery to sign and attest model artifacts (model SBOM + signature + provenance). It reuses the existing container scanner and SBOM engine rather than forking them.
When it ships
Provenance records will be tenant-scoped, signing keys held in KMS/HSM only, every publish/sign/rebuild audit-logged, with on-prem/air-gap parity via keyed cosign and a self-hosted registry. Gated by the ff.trusted_artifacts feature flag.
Related
- Gold Registry — the hardened-image registry surface.
- Attestation & Signing — signing and provenance across artifacts.
- Self-Healing Containers — automated remediation of image CVEs.
- AI-SPM — reuses this signing/provenance for model artifacts.
Vulnerability & Exposure Management
Roadmap — a single-pane management layer over the unified findings store, adding a deduplicated risk-ranked backlog, SLA policies, ownership routing, bi-directional ticketing, expiring risk exceptions, campaigns, and metrics.
Asset Discovery
Automatically discover every repository, container, package, SBOM, AI model, and vendor dependency in your software estate.