Security disclosure (v2)

At Aleph Alpha, we prioritise the security and sovereignty of your data throughout all layers of the PhariaAI suite, ensuring robust protection while maintaining full compliance with industry standards. We conduct regular vulnerability scanning and implement comprehensive security measures to safeguard your installation while providing you with complete control over your confidential information.

New Security Approach

This page describes the new Cosign-based security approach that we are implementing across all public images during Q4/2025.
This replaces the legacy ORAS-based approach described in Security disclosure (v1). If you are working with an image that does not support Cosign signatures as described here, it may still be using the legacy ORAS flow.


Determining which flow your image uses

Use image signature verification as a discriminator to determine whether your image uses the new Cosign flow or the legacy ORAS flow:

# Download the verification script
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-verify-image.sh
chmod +x cosign-verify-image.sh

# Test image signature verification
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25

The results can be interpreted as follows:

  • Signature verification succeeds → The image uses the new Cosign flow (follow this documentation).

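  • Signature verification fails → The image uses the legacy ORAS flow (see the legacy section below). A failure caused by a registry authentication or network error says nothing about which flow the image uses, so rule those out before treating the image as legacy.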

Legacy (ORAS) images

Some older images may still use ORAS attachments instead of Cosign signatures and attestations. These images:

  • are not cryptographically signed (no image signatures);

  • use ORAS attachments for SBOMs and vulnerability reports;

  • have different artifact types: application/aa.trivy.sbom, application/aa.trivy.report, and so on.

Working with legacy images

For legacy images that fail signature verification, use the ORAS-based approach documented in Security disclosure (v1).

Migration timeline: All images will be migrated to the new Cosign flow by end of Q4/2025. Prefer Cosign-based images whenever available.

Image signing and attestations

Image signatures

Every PhariaAI container image is cryptographically signed using Cosign with keyless signing (OIDC). This provides:

  • Authenticity: Proof that the image comes from Aleph Alpha’s official build infrastructure

  • Integrity: Guarantee that the image has not been tampered with since signing

  • Non-repudiation: Cryptographic evidence of who built and signed the image

  • Supply chain security: Protection against image substitution attacks

The signatures are bound to the exact image digest and use GitHub Actions OIDC tokens, making them verifiable and traceable back to our official workflows.

Why this matters: Before running any container, verify its signature to ensure you are running authentic Aleph Alpha software and not a potentially malicious substitute.

Cosign attestations (what we attach to every image)

We now sign each image and attach attestations (signed JSON metadata) using Cosign, generated primarily from Trivy at build time. Attestations are bound to the exact image digest and let you verify both authenticity and security posture.

We publish the following attestation types:

  • SBOM (CycloneDX): Complete dependency inventory for the image.

  • SPDX metadata: Package and license data in SPDX format for compliance workflows.

  • Trivy vulnerability report: Build-time CVE findings as JSON. This is the same content you would generate by running Trivy yourself.

  • Triage whitelist: .trivyignore with accepted/justified findings to make risk treatment explicit.

  • License disclosure: Machine-readable license summary across all detected packages.

  • SLSA Provenance: An SLSA v1 provenance attestation (predicate type https://slsa.dev/provenance/v1) describing who built the image, from what source, with which workflow, and for which digest.

We also continue to generate a CycloneDX SBOM and an SPDX document so you can choose the format that fits your compliance tooling best.

Verifying image signatures

Before extracting attestations, you should first verify the image signature to ensure you are working with authentic Aleph Alpha software.

Using the cosign-verify-image.sh script

We provide a dedicated script for verifying container image signatures, available in our public support repository.

Download the image verification script

curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-verify-image.sh
chmod +x cosign-verify-image.sh

Basic image verification

# Verify with default Aleph Alpha settings
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25

# Verify with verbose output
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verbose

Advanced verification options

# Verify with specific workflow identity
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 \
  --certificate-identity "https://github.com/Aleph-Alpha/shared-workflows/.github/workflows/build-and-push.yaml@refs/heads/main"

# Save signature and certificate for analysis
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 \
  --output-signature signature.sig --output-certificate cert.pem

Default verification settings

The script uses these default settings for Aleph Alpha images:

  • OIDC Issuer: https://token.actions.githubusercontent.com (GitHub Actions)

  • Identity Pattern: Aleph Alpha shared workflows (https://github.com/Aleph-Alpha/shared-workflows/.github/workflows/(build-and-push|scan-and-attest).yaml@.*)

  • Rekor URL: https://rekor.sigstore.dev (Sigstore transparency log)

For complete usage information, see the image verification script documentation.

Retrieving and verifying Cosign attestations

Prerequisites

Before using the Cosign attestation tools, ensure you have the following dependencies installed:

Required tools

Tool     Minimum Version   Purpose                                                 Installation
bash     4.0+              Shell environment                                       Usually pre-installed on Linux/macOS
jq       1.7.1+            JSON processing                                         Download & install
crane    0.20.6+           Container registry operations                           Installation guide
oras     1.3.0+            OCI registry client                                     Installation guide
cosign   3.0.2+            Signature verification (required for --verify option)   Installation guide

Optional: JFrog authentication

If your environment requires authentication to the Aleph Alpha registry:

cosign login alephalpha.jfrog.io

You can verify your tool installations by running:

bash --version && jq --version && crane version && oras version && cosign version

Using the cosign-extract.sh script

We provide a powerful helper script available in our public support repository that handles both extraction and cryptographic verification of attestations. The script automatically uses --new-bundle-format and enforces identity policies for security.

Download the script

curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-extract.sh
chmod +x cosign-extract.sh

Basic usage

./cosign-extract.sh --type <type> --image <image> [--output <file>] [--verify]

Supported attestation types

  • slsa - SLSA Provenance v1

  • cyclonedx - CycloneDX SBOM

  • spdx - SPDX Document

  • vuln - Vulnerability Report

  • triage - Triage Data

  • license - License Information

  • custom - Custom Attestation

Basic extraction examples

Extract specific attestation types:

# Extract SLSA provenance
./cosign-extract.sh --type slsa --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output slsa.provenance.json

# Extract CycloneDX SBOM
./cosign-extract.sh --type cyclonedx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output sbom.cdx.json

# Extract SPDX document
./cosign-extract.sh --type spdx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output sbom.spdx.json

# Extract vulnerability report
./cosign-extract.sh --type vuln --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output trivy-report.json

# Extract triage whitelist
./cosign-extract.sh --type triage --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output triage.trivyignore

Extract all attestations:

# Extract all attestation types to a directory
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --choice all --output ./attestations/

Cryptographic verification examples

The script supports cryptographic verification using Cosign to ensure authenticity and integrity:

# Verify and extract SLSA provenance
./cosign-extract.sh --type slsa --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify --output slsa.provenance.json

# Verify and extract SBOM with default Aleph Alpha identity policy
./cosign-extract.sh --type cyclonedx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify --output sbom.cdx.json

# Verify with custom identity pattern
./cosign-extract.sh --type spdx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify \
  --certificate-identity-regexp "https://github.com/myorg/.*/.github/workflows/.*" \
  --output sbom.spdx.json

Verification-only mode

Use --no-extraction to perform verification without extracting content (useful for CI/CD pipelines):

# Just verify that SLSA provenance exists and is valid
./cosign-extract.sh --type slsa --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify --no-extraction

# Verify all attestations are properly signed
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --choice all --verify --no-extraction

Discovery and inspection

# List available attestations for an image
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --list

# Inspect referrers with missing predicate types
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --inspect-null

Default verification settings

When using --verify, the script uses these default settings:

  • OIDC Issuer: https://token.actions.githubusercontent.com (GitHub Actions)

  • Identity Pattern: Aleph Alpha shared workflows (https://github.com/Aleph-Alpha/shared-workflows/.github/workflows/(build-and-push|scan-and-attest).yaml@.*)

For complete usage information and advanced options, see the script documentation.

  1. Download the scripts from our support repository.

  2. Resolve the image (tag or digest).

  3. Verify the image signature first to ensure authenticity.

  4. Verify SLSA provenance with the --verify flag.

  5. Fetch the SBOM/SPDX documents for compliance, with verification.

  6. Fetch the vulnerability report and triage data for risk management.

  7. Archive results for audits (ISO 27001, SOC 2, AIC4, and so on).

Example complete workflow:

# Download both scripts
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-verify-image.sh
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-extract.sh
chmod +x cosign-verify-image.sh cosign-extract.sh

# Step 1: Verify the image signature
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25

# Step 2: Verify and extract all attestations
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 \
  --choice all --verify --output ./attestations/
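
An added example, not part of the Aleph Alpha scripts or documentation: because signatures and attestations are bound to the image digest, this wrapper resolves the tag once with crane digest and runs both checks against the digest-pinned reference, so the reference it prints is the one to deploy. It assumes both scripts accept a repo@sha256:... reference for --image; pin_ref, verify_pinned and the file name verify-pinned.sh are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the Aleph Alpha support repository).
# Assumption: both scripts accept a digest reference (repo@sha256:...) for --image.

# pin_ref IMAGE DIGEST -> prints IMAGE with any tag or digest replaced by @DIGEST.
pin_ref() {
  pr_image=$1
  pr_digest=$2
  # Refuse anything that is not a full sha256 digest (e.g. empty crane output).
  printf '%s\n' "$pr_digest" | grep -Eqx 'sha256:[0-9a-f]{64}' || return 1
  pr_repo=${pr_image%@*}            # drop an existing @digest
  pr_last=${pr_repo##*/}            # last path component, e.g. studio-backend:v0.1.25
  case $pr_last in
    *:*) pr_repo=${pr_repo%:*} ;;   # drop the tag, but never a registry port
  esac
  printf '%s@%s\n' "$pr_repo" "$pr_digest"
}

# verify_pinned IMAGE -> prints the verified digest reference; non-zero on any failure.
verify_pinned() {
  vp_digest=$(crane digest "$1") || return 1
  vp_pinned=$(pin_ref "$1" "$vp_digest") || return 1
  # Script output goes to stderr so stdout carries only the pinned reference.
  ./cosign-verify-image.sh --image "$vp_pinned" >&2 || return 1
  ./cosign-extract.sh --image "$vp_pinned" --choice all --verify --no-extraction >&2 || return 1
  printf '%s\n' "$vp_pinned"
}

# Run only when an image is given: ./verify-pinned.sh <image>
if [ "$#" -gt 0 ]; then
  verify_pinned "$1"
fi
```

Deploying the printed reference instead of the tag means a tag that is moved after verification cannot change what runs.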

Why this matters

  • Integrity – Cosign signatures and OIDC certs prove the image comes from Aleph Alpha CI.

  • Provenance – SLSA links digest → repo → workflow → build inputs.

  • Transparency – SBOM and SPDX make dependencies and licenses explicit.

  • Security – Trivy reports and Triage provide clear vulnerability treatment.