Security disclosure (v2)
At Aleph Alpha, we prioritise the security and sovereignty of your data throughout all layers of the Pharia AI suite, ensuring robust protection while maintaining full compliance with industry standards. We conduct regular vulnerability scanning and implement comprehensive security measures to safeguard your installation while providing you with complete control over your confidential information.
This page describes the new Cosign-based security approach that we are implementing across all public images during Q4/2025.
This replaces the legacy ORAS-based approach described in the Security Disclosure (v1) page.
If an image you're working with doesn't support Cosign signatures as described here, it may still be using the legacy ORAS flow.
Determining which flow your image uses
Use image signature verification as a discriminator to determine whether your image uses the new Cosign flow or the legacy ORAS flow:
Quick test
# Download the verification script
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-verify-image.sh
chmod +x cosign-verify-image.sh
# Test image signature verification
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25
Results interpretation:
- ✅ Signature verification succeeds → Image uses the new Cosign flow (follow this documentation)
- ❌ Signature verification fails → Image uses the legacy ORAS flow (see Legacy section below)
Legacy (ORAS) images
Some older images may still use ORAS attachments instead of Cosign signatures and attestations. These images:
- Are not cryptographically signed (no image signatures)
- Use ORAS attachments for SBOMs and vulnerability reports
- Have different artifact types:
application/aa.trivy.sbom,application/aa.trivy.report, etc.
Working with legacy images
For legacy images that fail signature verification, use the ORAS-based approach documented in Security Disclosure (ORAS).
Migration timeline: All images will be migrated to the new Cosign flow by end of Q4/2025. Prefer Cosign-based images whenever available.
Image signing & attestations
Image signatures
Every Pharia AI container image is cryptographically signed using Cosign with keyless signing (OIDC). This provides:
- Authenticity: Proof that the image comes from Aleph Alpha's official build infrastructure
- Integrity: Guarantee that the image hasn't been tampered with since signing
- Non-repudiation: Cryptographic evidence of who built and signed the image
- Supply chain security: Protection against image substitution attacks
The signatures are bound to the exact image digest and use GitHub Actions OIDC tokens, making them verifiable and traceable back to our official workflows.
Why this matters: Before running any container, you should verify its signature to ensure you're running authentic Aleph Alpha software and not a potentially malicious substitute.
Cosign attestations (what we attach to every image)
We now sign each image and attach attestations (signed JSON metadata) using Cosign, generated primarily from Trivy at build time. Attestations are bound to the exact image digest and let you verify both authenticity and security posture.
We publish these attestation types:
-
SBOM (CycloneDX)
Complete dependency inventory for the image. -
SPDX metadata
Package and license data in SPDX format for compliance workflows. -
Trivy vulnerability report
Build-time CVE findings as JSON (same content you’d get by running Trivy yourself). -
Triage whitelist
.trivyignorewith accepted/justified findings to make risk treatment explicit. -
License disclosure
Machine-readable license summary across all detected packages. -
SLSA Provenance
A SLSA v1 provenance attestation (predicate typehttps://slsa.dev/provenance/v1) describing who built the image, from what source, with which workflow, and for which digest.
We also continue to generate a CycloneDX SBOM and an SPDX document so you can choose the format that fits your compliance tooling best.
Verifying image signatures
Before extracting attestations, you should first verify the image signature to ensure you're working with authentic Aleph Alpha software.
Using the cosign-verify-image.sh script
We provide a dedicated script for verifying container image signatures, available in our public support repository.
Download the image verification script
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-verify-image.sh
chmod +x cosign-verify-image.sh
Basic image verification
# Verify with default Aleph Alpha settings
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25
# Verify with verbose output
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verbose
Advanced verification options
# Verify with specific workflow identity
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 \
--certificate-identity "https://github.com/Aleph-Alpha/shared-workflows/.github/workflows/build-and-push.yaml@refs/heads/main"
# Save signature and certificate for analysis
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 \
--output-signature signature.sig --output-certificate cert.pem
Default verification settings
The script uses these default settings for Aleph Alpha images:
- OIDC Issuer:
https://token.actions.githubusercontent.com(GitHub Actions) - Identity Pattern: Aleph Alpha shared workflows (
https://github.com/Aleph-Alpha/shared-workflows/.github/workflows/(build-and-push|scan-and-attest).yaml@.*) - Rekor URL:
https://rekor.sigstore.dev(Sigstore transparency log)
For complete usage information, see the image verification script documentation.
Retrieving & verifying Cosign attestations
Prerequisites
Before using the Cosign attestation tools, ensure you have the following dependencies installed:
Required tools
| Tool | Minimum Version | Purpose | Installation |
|---|---|---|---|
| bash | 4.0+ | Shell environment | Usually pre-installed on Linux/macOS |
| jq | 1.7.1+ | JSON processing | Download & install |
| crane | 0.20.6+ | Container registry operations | Installation guide |
| oras | 1.3.0+ | OCI registry client | Installation guide |
| cosign | 3.0.2+ | Signature verification (required for --verify option) | Installation guide |
Optional: JFrog authentication
If your environment requires authentication to the Aleph Alpha registry:
cosign login alephalpha.jfrog.io
You can verify your tool installations by running:
bash --version && jq --version && crane version && oras version && cosign version
Using the cosign-extract.sh script
We provide a powerful helper script available in our public support repository that handles both extraction and cryptographic verification of attestations. The script automatically uses --new-bundle-format and enforces identity policies for security.
Download the script
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-extract.sh
chmod +x cosign-extract.sh
Basic usage
./cosign-extract.sh --type <type> --image <image> [--output <file>] [--verify]
Supported attestation types
slsa- SLSA Provenance v1cyclonedx- CycloneDX SBOMspdx- SPDX Documentvuln- Vulnerability Reporttriage- Triage Datalicense- License Informationcustom- Custom Attestation
Basic extraction examples
Extract specific attestation types:
# Extract SLSA provenance
./cosign-extract.sh --type slsa --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output slsa.provenance.json
# Extract CycloneDX SBOM
./cosign-extract.sh --type cyclonedx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output sbom.cdx.json
# Extract SPDX document
./cosign-extract.sh --type spdx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output sbom.spdx.json
# Extract vulnerability report
./cosign-extract.sh --type vuln --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output trivy-report.json
# Extract triage whitelist
./cosign-extract.sh --type triage --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --output triage.trivyignore
Extract all attestations:
# Extract all attestation types to a directory
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --choice all --output ./attestations/
Cryptographic verification examples
The script supports cryptographic verification using Cosign to ensure authenticity and integrity:
# Verify and extract SLSA provenance
./cosign-extract.sh --type slsa --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify --output slsa.provenance.json
# Verify and extract SBOM with default Aleph Alpha identity policy
./cosign-extract.sh --type cyclonedx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify --output sbom.cdx.json
# Verify with custom identity pattern
./cosign-extract.sh --type spdx --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify \
--certificate-identity-regexp "https://github.com/myorg/.*/.github/workflows/.*" \
--output sbom.spdx.json
Verification-only mode
Use --no-extraction to perform verification without extracting content (useful for CI/CD pipelines):
# Just verify that SLSA provenance exists and is valid
./cosign-extract.sh --type slsa --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --verify --no-extraction
# Verify all attestations are properly signed
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --choice all --verify --no-extraction
Discovery and inspection
# List available attestations for an image
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --list
# Inspect referrers with missing predicate types
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 --inspect-null
Default verification settings
When using --verify, the script uses these default settings:
- OIDC Issuer:
https://token.actions.githubusercontent.com(GitHub Actions) - Identity Pattern: Aleph Alpha shared workflows (
https://github.com/Aleph-Alpha/shared-workflows/.github/workflows/(build-and-push|scan-and-attest).yaml@.*)
For complete usage information and advanced options, see the script documentation.
Recommended customer workflow
- Download the scripts from our support repository.
- Resolve the image (tag or digest).
- Verify the image signature first to ensure authenticity.
- Verify SLSA provenance with
--verifyflag. - Fetch SBOM/SPDX for compliance with verification.
- Fetch vulnerability & triage for risk management.
- Archive results for audits (ISO 27001, SOC 2, AIC4, etc.).
Example complete workflow:
# Download both scripts
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-verify-image.sh
curl -O https://raw.githubusercontent.com/Aleph-Alpha/support/main/cosign-extract.sh
chmod +x cosign-verify-image.sh cosign-extract.sh
# Step 1: Verify the image signature
./cosign-verify-image.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25
# Step 2: Verify and extract all attestations
./cosign-extract.sh --image alephalpha.jfrog.io/pharia-studio-images/studio-backend:v0.1.25 \
--choice all --verify --output ./attestations/
Why this matters
- Integrity – Cosign signatures & OIDC certs prove the image comes from Aleph Alpha CI.
- Provenance – SLSA links digest → repo → workflow → build inputs.
- Transparency – SBOM & SPDX make dependencies & licenses explicit.
- Security – Trivy reports & Triage provide clear vulnerability treatment.