Security: XRFXLP/NVSentinel

SECURITY.md

Security

NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories.

Please do not report security vulnerabilities through GitHub.

Reporting Security Vulnerabilities

To report a potential security vulnerability in any NVIDIA product:

Include in your report:

  • Product/Driver name and version
  • Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
  • Steps to reproduce
  • Proof-of-concept or exploit code
  • Potential impact and exploitation method

NVIDIA offers acknowledgement for externally reported security issues under our coordinated vulnerability disclosure policy. Visit PSIRT Policies for details.

Product Security Resources

For all security-related concerns: https://www.nvidia.com/en-us/security

Supply Chain Security

NVSentinel provides supply chain security artifacts for all container images:

  • SBOM Attestation: Complete inventory of packages, libraries, and components
  • SLSA Build Provenance: Verifiable build information (how and where images were created)

Setup

Export variables for the image you want to verify, for example:

export IMAGE="ghcr.io/nvidia/nvsentinel/fault-quarantine"
export DIGEST="sha256:4558fc8a81f26e9dffa513c253de45ffaaca0b41e0bdd7842938778b63c66e1d"
export IMAGE_DIGEST="$IMAGE@$DIGEST"
export IMAGE_SBOM="$IMAGE:sha256-$(echo "$DIGEST" | cut -d: -f2).sbom"

Authentication (if needed):

docker login ghcr.io

SPDX SBOM (Software Bill of Materials)

A Software Bill of Materials (SBOM) provides a detailed inventory of all components in a container image. NVSentinel generates SBOMs in SPDX v2.3 format.

Query SBOM:

# Read the SBOM manifest and take the digest of its first layer (the SBOM blob)
export SBOM_DIGEST=$(crane manifest "$IMAGE_SBOM" | jq -r '.layers[0].digest')

# Retrieve SBOM content
crane blob "$IMAGE@$SBOM_DIGEST"

Example SBOM output (abbreviated):

{
  "SPDXID": "SPDXRef-DOCUMENT",
  "name": "sbom-sha256:4558fc8a...",
  "spdxVersion": "SPDX-2.3",
  "creationInfo": {
    "created": "2025-10-13T16:04:04Z",
    "creators": ["Tool: ko v0.18.0"]
  },
  "packages": [
    {
      "SPDXID": "SPDXRef-Package-sha256-850e8fd3...",
      "name": "sha256:850e8fd3...",
      "primaryPackagePurpose": "CONTAINER",
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl"
        }
      ]
    }
  ]
}
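The SBOM is fetched through a tag derived from the image digest, so it is worth confirming that the document you received actually describes that digest before relying on it. The following is an added example, not part of NVSentinel: the function names are hypothetical, and the rule that the SBOM name equals "sbom-" plus the full digest is an assumption drawn from the abbreviated output above.

```python
import json
import re
import sys

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

def sbom_tag(image: str, digest: str) -> str:
    """Rebuild the tag from the Setup step: <image>:sha256-<hex>.sbom."""
    if not DIGEST_RE.fullmatch(digest):
        raise ValueError(f"not a sha256 digest: {digest!r}")
    return f"{image}:{digest.replace(':', '-', 1)}.sbom"

def check_sbom(doc: dict, digest: str) -> list:
    """Return the reasons this SBOM should not be accepted for `digest`."""
    problems = []
    if doc.get("spdxVersion") != "SPDX-2.3":
        problems.append(f"unexpected spdxVersion: {doc.get('spdxVersion')!r}")
    if doc.get("SPDXID") != "SPDXRef-DOCUMENT":
        problems.append("missing SPDXRef-DOCUMENT root element")
    # Assumption: the document name is "sbom-" followed by the full image
    # digest, as the abbreviated example output suggests.
    if doc.get("name") != f"sbom-{digest}":
        problems.append(f"SBOM name {doc.get('name')!r} does not match {digest}")
    if not doc.get("packages"):
        problems.append("no packages listed")
    return problems

# Constructed sample data (not a real NVSentinel digest or SBOM).
SAMPLE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_SBOM = {
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "sbom-" + SAMPLE_DIGEST,
    "spdxVersion": "SPDX-2.3",
    "packages": [{"SPDXID": "SPDXRef-Package-example", "name": "example"}],
}

if __name__ == "__main__":
    # With a digest argument, read the SBOM from stdin; otherwise use the sample.
    if len(sys.argv) > 1:
        doc, digest = json.load(sys.stdin), sys.argv[1]
    else:
        doc, digest = SAMPLE_SBOM, SAMPLE_DIGEST
    issues = check_sbom(doc, digest)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

To check a real image, pipe the output of the crane blob command above into the script and pass "$DIGEST" as its argument; a non-zero exit status means at least one check failed.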

SLSA Build Provenance

SLSA (Supply chain Levels for Software Artifacts) provides verifiable information about how images were built.

NVSentinel images include SLSA Build Provenance attestations that can be verified both manually (using CLI tools) and automatically (using Kubernetes admission policies).

Refer to distros/kubernetes/nvsentinel/policies/README.md for:

  • Manual verification commands using cosign or gh CLI
  • Automated in-cluster verification using Sigstore Policy Controller
  • Installation and configuration instructions
