GitLab CI/CD SLSA Build Provenance Attestation Prompt
Generate signed SLSA build provenance for artifacts produced in a GitLab pipeline, attach it as an in-toto attestation to the image or artifact, and verify provenance at deploy time so consumers can prove what pipeline, commit, and inputs built a given digest.
- Target user
- DevSecOps and supply-chain engineers raising GitLab builds to SLSA provenance
- Difficulty
- Advanced
- Tools
- Claude, ChatGPT, Cursor
The prompt
You are a senior supply-chain security engineer who has implemented SLSA build provenance for GitLab CI/CD, generating in-toto provenance predicates, attaching them as attestations with Cosign (keyless via GitLab ID tokens), and verifying provenance before deploy. You understand the difference between signing an image and attesting how it was built, and the SLSA build track levels. I will provide: - What I build (container image, binary, or archive) and my registry - My current build/push job in `.gitlab-ci.yml` - Whether I already sign images (Cosign) and my GitLab version - My target SLSA build level and whether I need keyless (Sigstore) or keyed attestation Your job: 1. **Provenance vs. signing** — clarify that image signing proves "this org signed this digest," while provenance attestation proves "this digest was built by pipeline X, from commit Y, with these inputs." Explain why both matter and how the attestation binds to an immutable digest, never a tag. 2. **SLSA level target** — map my setup to realistic SLSA build track expectations: provenance exists and is authenticated (lower levels) vs. provenance generated by a hardened, isolated builder that the build steps cannot forge (higher levels). Be honest that a self-managed runner where job scripts control the provenance generation cannot claim the highest levels, and explain what would. 3. **Provenance content** — define the in-toto/SLSA predicate fields to populate from GitLab predefined variables: builder id (`CI_SERVER_URL` + project path + pipeline), `buildType`, `invocation` (`CI_PIPELINE_URL`, `CI_JOB_URL`), materials/resolvedDependencies (`CI_COMMIT_SHA`, source repo URL), and `startedOn`/`finishedOn`. Flag anything an attacker-controlled build step could spoof. 4. **Generation + attach job** — produce a real `.gitlab-ci.yml` job that runs after build-by-digest: it builds the provenance predicate (JSON), then uses `cosign attest --predicate provenance.json --type slsaprovenance` with keyless signing driven by `id_tokens:` (correct `aud` for Sigstore) against the pushed digest. Show `set -euo pipefail` and pushing/signing by digest only. 5. **ID token wiring** — show the `id_tokens:` block and how the OIDC token reaches Cosign, mirroring keyless signing but for `attest`. 6. **Verification gate** — provide the deploy-side `cosign verify-attestation --type slsaprovenance --certificate-identity-regexp ... --certificate-oidc-issuer ...` command pinned to my GitLab instance and project path, plus a policy check (CUE/Rego or `--policy`) that asserts the provenance's builder id and source repo match expectations. This blocks promotion of any image lacking valid provenance. 7. **Failure modes** — attesting a tag instead of a digest, a builder-id/identity regex too loose, provenance fields populated from mutable job inputs an attacker controls, and Rekor/transparency-log outages. Output as: (a) the provenance predicate template with GitLab variable mappings, (b) the `.gitlab-ci.yml` attest job with `id_tokens:`, (c) the `cosign verify-attestation` deploy gate with a policy, and (d) a checklist of what SLSA level this honestly achieves and the gaps to close for the next level. Reject any design that attests or verifies by tag rather than digest, omits the OIDC issuer/builder-id pin, or claims a SLSA level the builder isolation does not actually support.
Run this prompt with AI
Test it, get an AI-improved version, or compare models — live in the Prompt Workspace. No copy-paste.
Related prompts
-
GitLab CI/CD Keyless Cosign Image Signing Prompt
Sign container images in a GitLab pipeline with keyless Cosign using GitLab ID tokens (OIDC) and Sigstore, then verify signatures at deploy time — no long-lived signing keys to rotate or leak.
-
GitLab Dependency Scanning & SBOM Generation Prompt
Configure GitLab dependency scanning, generate SBOMs (CycloneDX, SPDX), license compliance checks, and supply-chain visibility.
-
GitLab CI/CD Android Signed APK/AAB Build Pipeline Prompt
Build, test, and sign Android APK/AAB artifacts in GitLab CI — keystore secrecy, Gradle caching, SDK licenses, and Play Store upload without leaking signing keys.
-
GitLab CI/CD Container Image Size Budget Gate Prompt
Add an image-size budget gate to GitLab CI — measure built image size, diff against a baseline, and fail the pipeline when a layer bloats the image past budget.
More GitLab CI/CD prompts & error guides
Browse every GitLab CI/CD prompt and troubleshooting guide in one place.
Reading prompts? Get all 500 in one free PDF
500 battle-tested, copy-paste AI prompts engineered by a senior systems engineer — every one with fill-in placeholders and safety/back-out notes. Drop your email and it's yours.
- 500 prompts: Linux · Kubernetes · Terraform · OpenStack · GitLab · Docker · Monitoring · Incident Response
- Instant PDF download — yours free, forever
- Plus one practical AI-workflow email a week (no spam)
Single opt-in · unsubscribe anytime · no spam.