Thanks for your suggestion. Sounds reasonable.
Description
TLDR
Cosign > 2.5.0 allows attesting SBOMs to OCI artifacts using the OCI Referrers API.
I am now able to attest an SBOM with Cosign and have it refer to the attested container image with a command like

```sh
cosign attest --new-bundle-format --key "$COSIGN_KEY" --type cyclonedx --predicate ./sbom.cdx.json <IMAGE>
```

Subsequently I would like to be able to use Trivy with a call like

```sh
trivy image --sbom-source oci <IMAGE>
```

and have it automatically discover and scan the SBOM instead of the container image. This is very similar to the already supported SBOM discovery for container images.
What would be needed?
The new Cosign attestations consist of a manifest that can be discovered via the Referrers API (as already implemented for OCI discovery), which points to the actual attestation blob that contains the Sigstore bundle.
This bundle wraps a DSSE envelope with an In-Toto statement, which is also a format already known and parsed in the Rekor discovery code parts.
So what seems to be missing is mainly accepting and parsing Sigstore Bundles as potential carriers of SBOMs.
This would change the user experience from having to use multiple tools like:
... to only using Trivy like:
Target: Container Image
Scanner: Vulnerability
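Added example (not Trivy's or Cosign's own code) of the unwrapping the post describes: Sigstore bundle to DSSE envelope to in-toto statement to CycloneDX predicate, with a subject-digest check so an SBOM attested for a different image is rejected rather than scanned. The bundle, digest and signature values are constructed placeholders, the JSON key names follow the Sigstore bundle format as I understand it, and the accepted predicate-type list is an assumption; signature verification is left to the caller.

```python
import base64
import json

# Constructed sample: a minimal Sigstore bundle (new bundle format) wrapping a
# DSSE envelope whose payload is an in-toto statement carrying a CycloneDX SBOM.
# The digest and signature are placeholders, not real values.
SAMPLE_SBOM = {"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "openssl", "version": "3.0.13"}]}
SAMPLE_STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "registry.example/app", "digest": {"sha256": "ab" * 32}}],
    "predicateType": "https://cyclonedx.org/bom",
    "predicate": SAMPLE_SBOM,
}
SAMPLE_BUNDLE = json.dumps({
    "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
    "verificationMaterial": {"publicKey": {"hint": "constructed"}},
    "dsseEnvelope": {
        "payloadType": "application/vnd.in-toto+json",
        "payload": base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode(),
        "signatures": [{"sig": "cGxhY2Vob2xkZXI=", "keyid": ""}],
    },
})

# Assumption: the predicate types a scanner would treat as CycloneDX SBOMs.
CYCLONEDX_PREDICATE_TYPES = ("https://cyclonedx.org/bom",)


def sbom_from_bundle(bundle_json: str, image_digest: str) -> dict:
    """Unwrap bundle -> DSSE envelope -> in-toto statement -> CycloneDX predicate.

    Raises ValueError on any structural mismatch so a caller never silently falls
    back to an unrelated SBOM. The DSSE signature is assumed to have been verified
    by the caller before the returned SBOM is trusted.
    """
    bundle = json.loads(bundle_json)
    if not bundle.get("mediaType", "").startswith("application/vnd.dev.sigstore.bundle"):
        raise ValueError("not a Sigstore bundle")
    envelope = bundle.get("dsseEnvelope")
    if envelope is None:
        raise ValueError("bundle carries no DSSE envelope")
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError(f"unexpected payloadType {envelope.get('payloadType')!r}")
    statement = json.loads(base64.b64decode(envelope["payload"]))
    if not statement.get("_type", "").startswith("https://in-toto.io/Statement/"):
        raise ValueError("payload is not an in-toto statement")
    # The SBOM must describe the image actually being scanned, not some other subject.
    digests = {s.get("digest", {}).get("sha256") for s in statement.get("subject", [])}
    if image_digest not in digests:
        raise ValueError("statement subject does not match image digest")
    if statement.get("predicateType") not in CYCLONEDX_PREDICATE_TYPES:
        raise ValueError(f"not a CycloneDX attestation: {statement.get('predicateType')!r}")
    return statement["predicate"]
```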