[REVIEW] pipeline-security: add artifact integrity evidence gates

[yanziwei]

Review request

Please review a focused improvement for skills/devsecops/pipeline-security/SKILL.md.

Problem

The pipeline security skill evaluates CICD-SEC-9 for artifact signing, provenance, SBOMs, and digest pinning, but it does not require evidence that those artifacts are bound together and verified before deployment. A pipeline can generate signatures, SBOMs, and provenance while deployments still pull mutable tags or skip verification entirely.

Proposed change

• Add artifact integrity evidence requirements before marking CICD-SEC-9 as passing.
• Require artifact, build run, digest, signature, signing identity, provenance, SBOM, verification command/policy, and deployment reference.
• Add an artifact integrity evidence table and evidence field in detailed findings.
• Add common pitfalls for generated-but-not-enforced attestations and mixed evidence from different artifacts/builds.

Bounty request

Reviewer tier: Improver Review / USD 25 if accepted under the current review bounty process.

[yanziwei]

Submitted implementation PR: #1825

[JamesJi79]

/attempt

[JamesJi79]

VALID GAP — Pipeline Artifact Integrity

Why Valid (FP confirmed)

A CI pipeline that builds a Docker image and pushes to ECR without cosign signing is flagged as an integrity gap. However, when the pipeline enforces branch protection, required reviews, and the ECR repository has immutable tags enabled, the practical tamper surface is reduced. The skill flags all unsigned artifacts equally without checking compensating registry controls.

Coverage Gaps

Gap 1 — Ephemeral build environment tampering — CI pipeline runs on ephemeral runners that install dependencies from public registries (npm, PyPI, Maven). A compromised dependency at build time injects malicious code into the artifact before any signing step — signing happens after the compromise. The skill checks artifact-level integrity but not build-time supply chain.

Gap 2 — Promotion between environments — Artifact is signed in dev but the promotion to staging/prod uses the same tag (immutable tags prevent this, but mutable tags allow tag-swapping). The skill checks the build-time signature but not the deploy-time tag immutability.

Gap 3 — SBOM verification — An artifact's SBOM lists dependencies, but the SBOM itself is not verified against the actual built artifact. A rebuild with different dependency resolution produces a different SBOM than documented.

Suggested Gates

1. PLN-BT-01: Verify dependency integrity at build time (lock files + checksum verification for all fetched dependencies). Evidence: npm audit / pip audit / maven verify passing.
2. PLN-PR-01: Require immutable tags or digest-based promotion across environments. Evidence: registry config enforcing immutability, deploy manifest using SHA256 digest.
3. PLN-SB-01: Verify SBOM matches actual built artifact. Evidence: syft/trivy generated SBOM compared against declared SBOM for mismatch.

[tiandashu]

Implemented this review gap in PR #2000: #2000

[shensz2017]

/attempt

[shensz2017]

Review - pipeline artifact integrity evidence gates

I reviewed the request and implementation PR #1825. This is a valid gap and I would accept it for the bounty.

What is covered well:

• Adds an artifact integrity table tying together artifact, build run, immutable digest, signature, signing identity, provenance, SBOM, verification policy, and deployment reference.
• Correctly distinguishes generated attestations from enforced integrity checks.
• Requires the SBOM and provenance to refer to the same artifact digest or build run as the signed artifact.
• Flags mutable-tag deployments when evidence is only bound to a different digest.

Minor follow-up, not a blocker: the evidence table could include the deployment environment or admission-controller name, so enforcement is traceable in multi-cluster deployments. The core bounty requirement is met because the PR requires digest-bound evidence and pre-deploy verification.