Signature and SLSA attestation for all Carvel artifacts #619
Labels: carvel accepted (this issue should be considered for future work; the triage process has been completed), enhancement (this issue is a feature request), priority/important-soon (must be staffed and worked on currently or soon)
Describe the problem/challenge you have
Currently, the artefacts produced by the different Carvel projects (binaries, images, bundles) are not signed. It would be nice if they were all signed to help with the implementation of supply chain security practices on the consumer side, requiring verification and provenance attestation of any third-party tool.
More and more cloud native projects have started adopting Sigstore for signing and verifying artefacts. It would be great if all Carvel artefacts were signed with Sigstore cosign. There's a "Sigstore Landscape" in the OpenSSF with all the projects using Sigstore. It would be nice to include Carvel there. For GitHub-based builds, the official Sigstore GitHub Action to install cosign could be used.
As part of improving supply chain security, SLSA provides a framework to guarantee the integrity of software artefacts, with different levels of compliance.
One of the main concepts introduced by SLSA is the provenance "to trace software back to the source and define the moving parts in a complex supply chain". It's defined as "the verifiable information about software artifacts describing where, when and how something was produced".
It would be a great addition to Carvel if all the project artefacts were not only signed, but also provided with a signed provenance attestation following the standard in-toto format. Such attestation would contain information about how each artifact was built. For GitHub-based builds, there is an attestation generator provided by the SLSA project: https://github.com/slsa-framework/slsa-github-generator.
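The consumer-side half of the request above, as an added example that is not part of the issue and not code from the Carvel projects: once a release ships a signed in-toto provenance file from slsa-github-generator, the consumer still has to check that the provenance actually vouches for the bytes they downloaded, names a trusted builder, and points at the expected source repository and tag. This block assumes the provenance is a DSSE envelope carrying a SLSA v0.2 predicate (one line of a `*.intoto.jsonl` file) and that its Sigstore signature has already been verified with cosign or slsa-verifier; it only performs the content checks. The repository name, tag, commit digest and artifact bytes are constructed sample data.

```python
"""Consumer-side checks on a SLSA provenance attestation for a release artifact.

Added example (not code from the Carvel projects). Assumes the provenance is a
DSSE envelope wrapping an in-toto Statement with a SLSA v0.2 predicate, as
slsa-framework/slsa-github-generator writes into *.intoto.jsonl, and that the
envelope's signature was already checked with cosign or slsa-verifier. The
checks below bind the artifact bytes to an expected builder and source repo.
"""
import base64
import hashlib
import json
from typing import Dict, List, Optional

IN_TOTO_STATEMENT = "https://in-toto.io/Statement/v0.1"
SLSA_PROVENANCE_V02 = "https://slsa.dev/provenance/v0.2"
DSSE_IN_TOTO_PAYLOAD = "application/vnd.in-toto+json"
# Builder id emitted by the generic SLSA3 generator; the tag after '@' is
# pinned per release, so only the prefix is fixed here.
GENERIC_GENERATOR_PREFIX = ("https://github.com/slsa-framework/slsa-github-generator"
                            "/.github/workflows/generator_generic_slsa3.yml@")


def statement_from_dsse(envelope: Dict) -> Dict:
    """Unwrap the in-toto Statement from a DSSE envelope (signature NOT checked here)."""
    if envelope.get("payloadType") != DSSE_IN_TOTO_PAYLOAD:
        raise ValueError("unexpected DSSE payloadType: %r" % envelope.get("payloadType"))
    return json.loads(base64.b64decode(envelope["payload"]))


def provenance_problems(statement: Dict, artifact: bytes, artifact_name: str,
                        expected_source: str, expected_tag: Optional[str] = None) -> List[str]:
    """Return the reasons the statement does NOT vouch for `artifact`; empty list means OK."""
    problems = []
    if statement.get("_type") != IN_TOTO_STATEMENT:
        problems.append("not an in-toto statement: %r" % statement.get("_type"))
    if statement.get("predicateType") != SLSA_PROVENANCE_V02:
        problems.append("unexpected predicateType: %r" % statement.get("predicateType"))
    # 1. The bytes we hold must be one of the statement's subjects, by name and sha256.
    digest = hashlib.sha256(artifact).hexdigest()
    if not any(s.get("name") == artifact_name and s.get("digest", {}).get("sha256") == digest
               for s in statement.get("subject", [])):
        problems.append("artifact %s (sha256 %s) is not a subject of this provenance"
                        % (artifact_name, digest))
    predicate = statement.get("predicate", {})
    # 2. The builder must be the hosted generator, not an arbitrary workflow that
    #    could have written any predicate it liked.
    builder_id = predicate.get("builder", {}).get("id", "")
    if not builder_id.startswith(GENERIC_GENERATOR_PREFIX):
        problems.append("untrusted builder id: %r" % builder_id)
    # 3. The build must have been configured from the expected repository (and tag),
    #    otherwise a fork could publish a validly signed provenance for its own binary.
    uri = predicate.get("invocation", {}).get("configSource", {}).get("uri", "")
    if not uri.startswith("git+https://%s@" % expected_source):
        problems.append("provenance source %r is not %s" % (uri, expected_source))
    if expected_tag is not None and not uri.endswith("@refs/tags/%s" % expected_tag):
        problems.append("provenance source %r is not tag %s" % (uri, expected_tag))
    return problems


def verify_release(envelope_line: str, artifact: bytes, artifact_name: str,
                   expected_source: str, expected_tag: Optional[str] = None) -> str:
    """Decode one *.intoto.jsonl line and raise unless it vouches for the artifact."""
    statement = statement_from_dsse(json.loads(envelope_line))
    problems = provenance_problems(statement, artifact, artifact_name, expected_source, expected_tag)
    if problems:
        raise ValueError("; ".join(problems))
    return statement["predicate"]["builder"]["id"]


# ---- constructed sample data (placeholder repository, not a real release) ----
SAMPLE_ARTIFACT = b"#!/bin/sh\necho 'example-tool: constructed sample binary'\n"
SAMPLE_SOURCE = "github.com/example-org/example-tool"
SAMPLE_TAG = "v0.1.0"
SAMPLE_STATEMENT = {
    "_type": IN_TOTO_STATEMENT,
    "predicateType": SLSA_PROVENANCE_V02,
    "subject": [{"name": "example-tool-linux-amd64",
                 "digest": {"sha256": hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()}}],
    "predicate": {
        "builder": {"id": GENERIC_GENERATOR_PREFIX + "refs/tags/v1.9.0"},
        "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1",
        "invocation": {"configSource": {
            "uri": "git+https://%s@refs/tags/%s" % (SAMPLE_SOURCE, SAMPLE_TAG),
            "digest": {"sha1": "0" * 40},          # placeholder commit id
            "entryPoint": ".github/workflows/release.yml"}},
    },
}
# The signature is a placeholder; real envelopes carry Sigstore signatures.
SAMPLE_ENVELOPE_LINE = json.dumps({
    "payloadType": DSSE_IN_TOTO_PAYLOAD,
    "payload": base64.b64encode(json.dumps(SAMPLE_STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "", "sig": "PLACEHOLDER"}],
})

if __name__ == "__main__":
    print("verified, built by", verify_release(SAMPLE_ENVELOPE_LINE, SAMPLE_ARTIFACT,
                                               "example-tool-linux-amd64", SAMPLE_SOURCE, SAMPLE_TAG))
```

The three checks mirror what slsa-verifier does after it has validated the signature: a valid signature alone only proves that *some* builder signed *some* statement, and it is the subject digest plus the builder id plus the configSource URI that tie a specific binary to a specific tag of the expected repository. Treat a missing or mismatched tag as a failure rather than a warning, since a fork of the repository can obtain an equally valid signature for its own build.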