Feature request
When Tekton Chains signs attestations with Fulcio (keyless) and transparency.enabled=true, it uploads the entry to Rekor and stores the Rekor entry ID as a chains.tekton.dev/transparency annotation on the TaskRun/PipelineRun object. However, it does not embed the Rekor bundle response (dev.sigstore.cosign/bundle) in the OCI attestation layer annotations when storing attestations to an OCI registry.
This prevents offline signature verification of attestations signed by Tekton Chains, since cosign's VerifyBundle requires the embedded dev.sigstore.cosign/bundle annotation containing the SignedEntryTimestamp and integratedTime to verify expired Fulcio certificates without a live Rekor connection.
In contrast, attestations created directly via cosign attest (with the same Fulcio + Rekor configuration) do embed the Rekor bundle in the OCI layer annotations, enabling offline verification.
For example, here is the attestation manifest for image quay.io/gbenhaim-apps/default-tenant/sample-component-golang-eccc9@sha256:5430ddf3da8e14d42b0073ed1f5a8ca221222d01f2caf4925c01a8ab003f637e:
Layer 1 — SPDX SBOM (signed by build pipeline using cosign attest):
```json
{
  "mediaType": "application/vnd.dsse.envelope.v1+json",
  "digest": "sha256:137def354c6c2b555b64b729b70f82210b1ee06cfee5048214a3c1737eb8b94f",
  "annotations": {
    "dev.cosignproject.cosign/signature": "",
    "dev.sigstore.cosign/bundle": "{\"SignedEntryTimestamp\":\"MEQCI...\",\"Payload\":{...\"integratedTime\":1774390772,\"logIndex\":1,...}}",
    "dev.sigstore.cosign/certificate": "-----BEGIN CERTIFICATE-----\n...",
    "dev.sigstore.cosign/chain": "-----BEGIN CERTIFICATE-----\n..."
  }
}
```

Certificate SAN: https://kubernetes.io/namespaces/default-tenant/serviceaccounts/build-pipeline-sample-component-golang-eccc9

Has dev.sigstore.cosign/bundle — offline verification works.
Layer 2 — SLSA Provenance (signed by Tekton Chains controller):
```json
{
  "mediaType": "application/vnd.dsse.envelope.v1+json",
  "digest": "sha256:2711790046f4db36cc5bf9351ad8ffde3e1900b1cdf213b3614825086341a023",
  "annotations": {
    "dev.sigstore.cosign/certificate": "-----BEGIN CERTIFICATE-----\n...",
    "dev.sigstore.cosign/chain": "-----BEGIN CERTIFICATE-----\n..."
  }
}
```

Certificate SAN: https://kubernetes.io/namespaces/tekton-pipelines/serviceaccounts/tekton-chains-controller

Missing dev.sigstore.cosign/bundle — offline verification fails.
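As an added example (not code from Tekton Chains or cosign), the following Go check walks an attestation manifest of the shape shown above and reports, per DSSE layer, whether it carries a dev.sigstore.cosign/bundle annotation with the SignedEntryTimestamp and integratedTime that offline verification needs. The sample manifest, its digests and certificate bodies are constructed placeholders.

```go
package main

import "encoding/json"

// Constructed manifest in the shape the issue shows: the first DSSE layer carries
// dev.sigstore.cosign/bundle, the second (Chains-signed) does not. Placeholders only.
const sampleManifest = `{"layers": [
  {"mediaType": "application/vnd.dsse.envelope.v1+json",
   "digest": "sha256:constructed-sbom-layer",
   "annotations": {"dev.sigstore.cosign/certificate": "-----BEGIN CERTIFICATE-----\nconstructed",
     "dev.sigstore.cosign/bundle": "{\"SignedEntryTimestamp\":\"MEQCIconstructed\",\"Payload\":{\"integratedTime\":1774390772,\"logIndex\":1}}"}},
  {"mediaType": "application/vnd.dsse.envelope.v1+json",
   "digest": "sha256:constructed-provenance-layer",
   "annotations": {"dev.sigstore.cosign/certificate": "-----BEGIN CERTIFICATE-----\nconstructed"}}
]}`

type layer struct {
	MediaType   string            `json:"mediaType"`
	Digest      string            `json:"digest"`
	Annotations map[string]string `json:"annotations"`
}

// rekorBundle mirrors the annotation fields that cosign's VerifyBundle relies on.
type rekorBundle struct {
	SignedEntryTimestamp string `json:"SignedEntryTimestamp"`
	Payload              struct {
		IntegratedTime int64 `json:"integratedTime"`
	} `json:"Payload"`
}

// OfflineVerifiable maps each DSSE layer digest to whether it carries a parseable
// bundle with a SignedEntryTimestamp and integratedTime (no live Rekor needed).
func OfflineVerifiable(manifestJSON []byte) (map[string]bool, error) {
	var m struct {
		Layers []layer `json:"layers"`
	}
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	out := map[string]bool{}
	for _, l := range m.Layers {
		if l.MediaType != "application/vnd.dsse.envelope.v1+json" {
			continue // not an attestation layer
		}
		var b rekorBundle
		raw, ok := l.Annotations["dev.sigstore.cosign/bundle"]
		out[l.Digest] = ok && json.Unmarshal([]byte(raw), &b) == nil &&
			b.SignedEntryTimestamp != "" && b.Payload.IntegratedTime > 0
	}
	return out, nil
}
```

Running it over a real manifest (e.g. fetched with crane or oras) flags every Chains-signed layer that will fail offline verification until the bundle is embedded.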
Use case
Offline verification of attestations signed keyless.