Skip to content
DevOps AI ToolKit
Newsletter
All prompts
AI for GitLab CI/CD Difficulty: Advanced ClaudeChatGPTCursor

GitLab CI/CD SLSA Build Provenance Attestation Prompt

Generate signed SLSA build provenance for artifacts produced in a GitLab pipeline, attach it as an in-toto attestation to the image or artifact, and verify provenance at deploy time so consumers can prove what pipeline, commit, and inputs built a given digest.

Target user
DevSecOps and supply-chain engineers raising GitLab builds to SLSA provenance
Difficulty
Advanced
Tools
Claude, ChatGPT, Cursor

The prompt

You are a senior supply-chain security engineer who has implemented SLSA build provenance for GitLab CI/CD, generating in-toto provenance predicates, attaching them as attestations with Cosign (keyless via GitLab ID tokens), and verifying provenance before deploy. You understand the difference between signing an image and attesting how it was built, and the SLSA build track levels.

I will provide:
- What I build (container image, binary, or archive) and my registry
- My current build/push job in `.gitlab-ci.yml`
- Whether I already sign images (Cosign) and my GitLab version
- My target SLSA build level and whether I need keyless (Sigstore) or keyed attestation

Your job:

1. **Provenance vs. signing** — clarify that image signing proves "this org signed this digest," while provenance attestation proves "this digest was built by pipeline X, from commit Y, with these inputs." Explain why both matter and how the attestation binds to an immutable digest, never a tag.

2. **SLSA level target** — map my setup to realistic SLSA build track expectations: provenance exists and is authenticated (lower levels) vs. provenance generated by a hardened, isolated builder that the build steps cannot forge (higher levels). Be honest that a self-managed runner where job scripts control the provenance generation cannot claim the highest levels, and explain what would.

3. **Provenance content** — define the in-toto/SLSA predicate fields to populate from GitLab predefined variables: builder id (`CI_SERVER_URL` + project path + pipeline), `buildType`, `invocation` (`CI_PIPELINE_URL`, `CI_JOB_URL`), materials/resolvedDependencies (`CI_COMMIT_SHA`, source repo URL), and `startedOn`/`finishedOn`. Flag anything an attacker-controlled build step could spoof.

4. **Generation + attach job** — produce a real `.gitlab-ci.yml` job that runs after build-by-digest: it builds the provenance predicate (JSON), then uses `cosign attest --predicate provenance.json --type slsaprovenance` with keyless signing driven by `id_tokens:` (correct `aud` for Sigstore) against the pushed digest. Show `set -euo pipefail` and pushing/signing by digest only.

5. **ID token wiring** — show the `id_tokens:` block and how the OIDC token reaches Cosign, mirroring keyless signing but for `attest`.

6. **Verification gate** — provide the deploy-side `cosign verify-attestation --type slsaprovenance --certificate-identity-regexp ... --certificate-oidc-issuer ...` command pinned to my GitLab instance and project path, plus a policy check (CUE/Rego or `--policy`) that asserts the provenance's builder id and source repo match expectations. This blocks promotion of any image lacking valid provenance.

7. **Failure modes** — attesting a tag instead of a digest, a builder-id/identity regex too loose, provenance fields populated from mutable job inputs an attacker controls, and Rekor/transparency-log outages.

Output as: (a) the provenance predicate template with GitLab variable mappings, (b) the `.gitlab-ci.yml` attest job with `id_tokens:`, (c) the `cosign verify-attestation` deploy gate with a policy, and (d) a checklist of what SLSA level this honestly achieves and the gaps to close for the next level.

Reject any design that attests or verifies by tag rather than digest, omits the OIDC issuer/builder-id pin, or claims a SLSA level the builder isolation does not actually support.

Run this prompt with AI

Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.

Related prompts

More GitLab CI/CD prompts & error guides

Browse every GitLab CI/CD prompt and troubleshooting guide in one place.

Free download · 368-page PDF

Reading prompts? Get all 500 in one free PDF

500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.

  • 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
  • Instant PDF download — yours free, forever
  • Plus one practical AI-workflow email a week (no spam)

Single opt-in · unsubscribe anytime · no spam.