Context
fleet-deployment/setup/attest-image.sh currently lives next to its only caller, build-aml-model-image.sh, and sources fleet-deployment/setup/defaults.conf plus the inference-specific VEX at security/vex/inference-base.openvex.json.
The underlying logic (cosign spdxjson + openvex attest, notation sign, oras attach, syft SBOM generation) is image-agnostic. The fleet-specific parts are config (which VEX, which AKV key, which mode) and the build → attest handoff message.
Trigger
Open this work when a second image producer needs SBOM/VEX attestation. Likely candidates already in the repo:
- data-management/viewer/backend/Dockerfile
- data-management/viewer/frontend/Dockerfile
- evaluation/sil/docker/Dockerfile.lerobot-eval
Proposed change
- Promote attest-image.sh to scripts/security/attest-image.sh as a pure CLI tool: required inputs --image, --mode, --vex-file, --sbom-file, --akv-key-id. No defaults.conf sourcing inside the script.
- Keep per-image config in each component's local defaults.conf (fleet-deployment/setup/, data-management/viewer/..., evaluation/sil/...). Each component's build script resolves values and invokes the shared tool.
- Move VEX documents to per-image paths under security/vex/<component>-<image>.openvex.json and update the README docs accordingly.
- Update fleet-deployment/setup/README.md and any new component READMEs to reference the shared tool.
Out of scope
- Doing this before a second producer exists (would add indirection with no duplication payoff).
- Touching scripts/security/generate-vex.sh — VEX authoring stays separate from per-image attestation.
Acceptance criteria
- scripts/security/attest-image.sh exists and is pure (no component defaults.conf sourcing).
- fleet-deployment/setup/build-aml-model-image.sh invokes the shared tool with locally-resolved values.
- security/vex/<component>-<image>.openvex.json.
Originally discussed on branch feat/aml-model-push-to-acr.
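
The input contract from the first "Proposed change" item, as an added example (not the repository's attest-image.sh): a parser that accepts only the five required flags and takes nothing from the environment or a defaults.conf. The function name parse_attest_args, the exit codes, and the OpenVEX @context check are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: argument contract only; nothing is signed or attested here.
# Prints KEY=VALUE lines on success. Returns 2 on usage errors, 3 on bad files.
parse_attest_args() {
  # Locals start empty, so neither ambient variables nor a sourced
  # defaults.conf can supply a value: every input must arrive as a flag.
  local image="" mode="" vex_file="" sbom_file="" akv_key_id="" missing="" f
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --image|--mode|--vex-file|--sbom-file|--akv-key-id)
        # Reject a missing value, or a following flag swallowed as the value.
        case "${2:-}" in
          ""|--*) echo "error: $1 needs a value" >&2; return 2 ;;
        esac
        case "$1" in
          --image)      image=$2 ;;
          --mode)       mode=$2 ;;
          --vex-file)   vex_file=$2 ;;
          --sbom-file)  sbom_file=$2 ;;
          --akv-key-id) akv_key_id=$2 ;;
        esac
        shift 2 ;;
      *) echo "error: unknown argument: $1" >&2; return 2 ;;
    esac
  done
  [ -n "$image" ]      || missing="$missing --image"
  [ -n "$mode" ]       || missing="$missing --mode"
  [ -n "$vex_file" ]   || missing="$missing --vex-file"
  [ -n "$sbom_file" ]  || missing="$missing --sbom-file"
  [ -n "$akv_key_id" ] || missing="$missing --akv-key-id"
  if [ -n "$missing" ]; then
    echo "error: missing required input(s):$missing" >&2; return 2
  fi
  for f in "$vex_file" "$sbom_file"; do
    [ -r "$f" ] || { echo "error: cannot read $f" >&2; return 3; }
  done
  # Sanity check (assumption of this example): an OpenVEX document declares
  # an @context under https://openvex.dev/ns, so the wrong JSON file fails early.
  grep -q '"@context"[[:space:]]*:[[:space:]]*"https://openvex.dev/ns' "$vex_file" ||
    { echo "error: $vex_file is not an OpenVEX document" >&2; return 3; }
  printf 'IMAGE=%s\nMODE=%s\nVEX_FILE=%s\nSBOM_FILE=%s\nAKV_KEY_ID=%s\n' \
    "$image" "$mode" "$vex_file" "$sbom_file" "$akv_key_id"
}
# Run as a CLI only when arguments are given.
if [ "$#" -gt 0 ]; then parse_attest_args "$@"; fi
```

A component's build script would resolve its own defaults.conf values and pass them in as flags, leaving the cosign, notation and oras steps to consume only the validated values.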