Verify Kong Event Gateway image signatures and attestations

TL;DR

Kong Event Gateway images are published to kong/kong-event-gateway on Docker Hub and signed with Cosign using GitHub’s OIDC identity.

List every supply chain artifact attached to an image with cosign tree kong/kong-event-gateway:VERSION, verify the image signature with cosign verify, and verify or extract individual attestations (SBOM, vulnerability scans) with cosign verify-attestation.

Prerequisites

Kong Event Gateway container images and their attestations are signed using Cosign.

Install Cosign 2.4.0 or later by following the installation instructions for your system. Event Gateway signatures use the newer Sigstore bundle format (--new-bundle-format), which earlier Cosign versions can’t verify. Check your version with cosign version.

Unlike some other Kong products, Event Gateway attestations and signatures are attached directly to the image, so you don’t need to set COSIGN_REPOSITORY.

regctl is a Docker and OCI registry client. You will need regctl to gather information about Docker images.

Install regctl by following the installation instructions for your system.

You’ll use jq to parse the JSON attestations that Cosign downloads.

If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.

  1. The following Konnect items are required to complete this tutorial:
    • Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
  2. Set the personal access token as an environment variable:

    export KONNECT_TOKEN='YOUR KONNECT TOKEN'

Kong Event Gateway container images are published to kong/kong-event-gateway on Docker Hub. Each image is signed with Cosign using GitHub’s OIDC identity, and a set of attestations (SBOM, vulnerability scans, and more) is attached to it.

Image signatures and attestations are only available from Event Gateway 1.1.1 onwards. Earlier releases have no supply chain artifacts attached, so the commands on this page won’t return anything for them.

The examples below use kong/kong-event-gateway:1.2.0. Replace the version with the Event Gateway release you want to verify. The signing identity (...@refs/tags/v1.2.0) must match the exact release tag of the image you’re verifying, so keep the version consistent between the image and the --certificate-identity flag.

List the artifacts attached to an image

Use cosign tree to see every signature and attestation attached to an image:

cosign tree kong/kong-event-gateway:1.2.0

The output lists the supply chain artifacts (signatures and attestations) that are stored alongside the image in the registry.

Verify the image signature

  1. Read the manifest digest for the image with regctl and store it in a variable:

     export IMAGE_DIGEST=$(regctl manifest digest kong/kong-event-gateway:1.2.0)
     echo $IMAGE_DIGEST

    This captures the image’s SHA-256 digest so you can reuse it in the commands below, and prints it:

     sha256:...

    Pinning to a digest guarantees you verify exactly the image you’re going to run, even if the tag is later moved to a different image.

  2. Verify the signature with cosign verify:

     cosign verify \
       --new-bundle-format=true \
       -a repo="kong-gateway/event-gateway" \
       -a workflow="CI" \
       --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
       --certificate-identity="https://github.com/kong-gateway/event-gateway/.github/workflows/ci.yaml@refs/tags/v1.2.0" \
       kong/kong-event-gateway@${IMAGE_DIGEST}

    If verification succeeds, the response contains a summary of the checks that were performed:

     Verification for index.docker.io/kong/kong-event-gateway@sha256:... --
     The following checks were performed on each of these signatures:
       - The specified annotations were verified.
       - The cosign claims were validated
       - Existence of the claims in the transparency log was verified offline
       - The code-signing certificate was verified using trusted certificate authority certificates

Verify and inspect attestations

Kong Event Gateway images carry several signed attestations. The most commonly used predicate types are:

Attestation

Predicate type

--type value

SPDX SBOM https://spdx.dev/Document spdxjson
CycloneDX SBOM https://cyclonedx.org/bom cyclonedx
Vulnerability scan (SARIF) https://cosign.sigstore.dev/sarif/vuln/... vuln
CIS Docker benchmark https://cisecurity.org/docker/... (use the full URL)

The exact set of attestations can change between releases. Use cosign tree to see the authoritative list for the image you’re verifying.

To verify an attestation’s signature and print its contents, use cosign verify-attestation with the matching --type. For example, to verify the SPDX SBOM, run:

cosign verify-attestation \
  --type="spdxjson" \
  --certificate-oidc-issuer="https://token.actions.githubusercontent.com" \
  --certificate-identity="https://github.com/kong-gateway/event-gateway/.github/workflows/ci.yaml@refs/tags/v1.2.0" \
  kong/kong-event-gateway@${IMAGE_DIGEST}

For predicate types that don’t have a built-in alias, pass the full predicate type URL to --type instead. For example: --type="https://cisecurity.org/docker/amd64".

Extract the SBOM

To save the SPDX SBOM to a file, download the attestations and filter for the SBOM predicate type with jq:

cosign download attestation kong/kong-event-gateway@${IMAGE_DIGEST} \
  | jq -r 'select((.dsseEnvelope.payload // .payload | @base64d | fromjson | .predicateType) == "https://spdx.dev/Document") | (.dsseEnvelope.payload // .payload) | @base64d | fromjson | .predicate' \
  > sbom.spdx.json

This writes the SBOM document to sbom.spdx.json, which you can then feed into your SBOM tooling. To extract the CycloneDX SBOM instead, replace the predicate type with https://cyclonedx.org/bom.

Validate the extracted SBOM

Confirm that the extracted file is valid JSON and contains the expected SPDX fields:

jq -e '.spdxVersion and (.packages | length > 0)' sbom.spdx.json \
  && echo "Valid SPDX SBOM with $(jq '.packages | length' sbom.spdx.json) packages"

If the file is a well-formed SPDX SBOM, the command prints true followed by the package count. If jq reports a parse error or the expression evaluates to false, the download or filter step didn’t produce a valid document. Re-check the predicate type and confirm the previous commands completed successfully.

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!