Description
I'd like the ability to sign an in-toto Statement that I generate with other tooling with Sigstore and then later use Sigstore to verify the signature on the attestation while leaving evaluation of the contents of the attestation to other custom tooling.

cosign currently supports signing arbitrary in-toto predicates via `cosign attest-blob --predicate <FILE> --type <TYPE> -hash <HASH> ...` (docs), but this does not work at the Statement layer.
That works well if the user doesn't need any control over the `subject` field beyond specifying the sha256 digest. However, there are some cases (like signing the verification summary for the SLSA Source track) where the ability to use custom digests in the subject and to set annotations on subjects is required.
FWIW this capability has also been requested in gitsign, but it would be specific to git repos and would not support non-git usage. (There's also been a question raised of whether it would be helpful to have this in a tool that is currently supported or not, CC @steiza.)
A nice workflow might look something like:

Generate

```
# Outputs an unsigned vuln predicate like https://github.com/in-toto/attestation/blob/main/spec/predicates/vulns_02.md
$ vuln_scan_repo github.com/foo/bar --output vulns.intoto.json.unsigned
Scanned COMMIT abc123
# Signs the statement using Sigstore, storing the results in a bundle for later use
$ cosign attest-blob --statement vulns.intoto.json.unsigned --bundle vulns.intoto.json
```

Use

```
# Check the signature...
$ cosign verify-blob-attestation --statement-only --bundle vulns.intoto.json --output-file vulns.intoto.json.unsigned
# Process the results, failing if there are any critical vulns
$ vuln_scan_check --no-critical vulns.intoto.json.unsigned
COMMIT abc123 PASS
```
FWIW `verify-blob-attestation` seems to require a blob to compute the digest itself; that won't be available in this case and should not be required.
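To make the Statement-layer requirement concrete, here is an added example (not code from cosign or the in-toto project) that builds an in-toto v1 Statement whose subject carries a `gitCommit` digest plus annotations, runs the structural checks a verifier would apply to the statement after the Sigstore signature is confirmed, and reports whether the statement could instead be expressed through the existing predicate-only `attest-blob --predicate ... --hash` flow (a single sha256 subject, no annotations). The commit value, repository name and predicate are constructed sample data.

```python
import json

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
HEX = set("0123456789abcdef")

def make_statement(subjects, predicate_type, predicate):
    """Assemble an in-toto v1 Statement from caller-supplied subjects."""
    return {"_type": STATEMENT_TYPE, "subject": subjects,
            "predicateType": predicate_type, "predicate": predicate}

def validate_statement(stmt):
    """Structural checks to run once the envelope signature has verified.
    Raises ValueError on any problem, returns True otherwise."""
    if stmt.get("_type") != STATEMENT_TYPE:
        raise ValueError("unexpected _type")
    subjects = stmt.get("subject")
    if not isinstance(subjects, list) or not subjects:
        raise ValueError("subject must be a non-empty list")
    for s in subjects:
        digest = s.get("digest")
        if not isinstance(digest, dict) or not digest:
            raise ValueError("each subject needs a non-empty digest map")
        for alg, val in digest.items():
            # Digest values are hex strings; the algorithm name is free-form.
            if not isinstance(val, str) or not val or set(val) - HEX:
                raise ValueError(f"digest {alg!r} must be lowercase hex")
    if not stmt.get("predicateType"):
        raise ValueError("predicateType required")
    return True

def fits_predicate_only_flow(stmt):
    """True only when every subject is exactly one sha256 digest with no
    annotations, i.e. what `attest-blob --predicate --hash` can express."""
    return all(set(s["digest"]) == {"sha256"} and not s.get("annotations")
               for s in stmt["subject"])

# Constructed sample: a SLSA-source-style subject keyed by git commit.
SOURCE_SUBJECT = [{
    "name": "git+https://github.com/foo/bar",            # constructed
    "digest": {"gitCommit": "abc123" * 6 + "abcd"},       # constructed 40-hex value
    "annotations": {"source_branches": ["refs/heads/main"]},
}]
SOURCE_STATEMENT = make_statement(
    SOURCE_SUBJECT, "https://example.com/vuln-scan/v0", {"critical": 0})  # constructed

def serialize(stmt):
    """Canonical-ish JSON, as you would hand to a signer or a bundle."""
    return json.dumps(stmt, sort_keys=True, separators=(",", ":"))
```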