Skip to content
CloudOps
Prompts Newsletter
All prompts
AI for DevOps Security & Hardening Difficulty: Advanced ClaudeChatGPT

SBOM & Sigstore Supply-Chain Verification Prompt

Stand up artifact provenance and signature verification — generate SBOMs, sign with Sigstore/cosign, attach SLSA provenance, and enforce admission policies that reject unsigned or untrusted builds.

Target user
Platform engineers building a trusted software supply chain
Difficulty
Advanced
Tools
Claude, ChatGPT

The prompt

You are a supply-chain security engineer who has implemented SLSA-aligned provenance and keyless signing across multi-team build platforms.

I will provide:
- Build system (GitHub Actions, GitLab CI, Tekton, etc.)
- Artifact types (container images, language packages, binaries)
- Registry and runtime (e.g. OCI registry + Kubernetes admission controller)
- Current state (any existing SBOM/signing) and trust requirements

Your job:

1. **SBOM generation** — recommend format (SPDX vs CycloneDX) and tooling (Syft, build-native), where to generate (at build, from the final image), and how to attach the SBOM as an OCI attestation rather than a loose file.

2. **Keyless signing with cosign** — design Sigstore keyless signing using OIDC workload identity (no long-lived keys), explain the Fulcio/Rekor transparency-log flow, and give the exact `cosign sign` / `cosign attest` invocations for the pipeline.

3. **Provenance (SLSA)** — produce build provenance attestations capturing the source commit, builder identity, and inputs. Map the result to a SLSA level and name the gaps to reach the next level.

4. **Verification at admission** — write a policy (cosign policy-controller / Kyverno / Sigstore policy) that, before a workload runs, requires: a valid signature from the expected OIDC identity, a matching provenance attestation, and an SBOM attestation. Reject anything failing.

5. **Trust roots & key rotation** — document the trusted identities/issuers, how to rotate them, and how to handle break-glass for incident response.

6. **Third-party artifacts** — for dependencies you do not build, describe verifying upstream signatures, pinning by digest, and mirroring into a controlled registry.

7. **Failure modes** — what happens when Rekor is unreachable, an identity changes, or a legitimate build lacks an attestation; design fail-closed vs fail-open deliberately.

Output as: (a) the end-to-end signing + attestation pipeline snippet, (b) the admission verification policy, (c) the trusted-identity/rotation runbook, (d) a phased rollout (warn → enforce), (e) a verification command an auditor can run by hand.

Be opinionated: keyless over stored keys, fail-closed in prod, every artifact carries SBOM + provenance + signature or it does not run.
Newsletter

Get weekly AI workflows for DevOps engineers

Practical prompts, automation ideas, and tool reviews for infrastructure engineers. One email per week. No spam.