In this post I show how you can create attestations for SBOM documents that you have created for your application or Nuget package.

Supply chain security and attestations

In the last couple of posts on my blog, I've been looking at some of the potential steps you can take to be a good citizen in the software ecosystem by providing confidence in the artifacts you produce. In particular, I've been looking at some of the steps you can take related to software provenance.

Initially, I looked at how you can produce provenance attestations for your NuGet packages (or other applications), by adding an easy-to-use GitHub Action to your build workflow.

A provenance attestation provides a common format for describing how your artifact was built, the environment it was built in, the build definition that produced it, the build run that produced it, and more.

Providing an attestation doesn't automatically improve the security of downstream projects consuming your NuGet package; consumers must make sure they verify the attestation, but it provides one building block for securing the software supply chain.

In the subsequent post I showed how you can create a Software Bill of Materials (SBOM). I used a variety of different tools, and showed how the resulting document varies somewhat based on the tool you use, but they all provide a standard document that can be processed by machines.

An SBOM describes the various packages and dependencies that go into creating a software artifact such as an application or a package. An SBOM gives visibility into what components your software contains, including any components with known vulnerabilities, as well as any potential compliance or licensing issues or supply chain risks.

In this post, I show how you can combine the two concepts. As well as providing provenance attestations for your package itself, you can also provide attestations for the SBOM associated with the package. This ensures that consumers can trust that the SBOM provided has not been tampered with, and provides guarantees about when, where, and how it was generated.

Generating attestations for an SBOM

The good news is that if you've already followed the previous two posts, you're already most of the way there. In the first post about generating attestations, I showed the actions/attest-build-provenance GitHub Action you can use to generate provenance for an artifact. In this post, we use the actions/attest-sbom GitHub action that generates a signed SBOM attestation for SBOMs.

As a reminder, there are a variety of standard formats you can choose for an SBOM, but two of the most popular appear to be System Package Data Exchange (SPDX) and CycloneDX. Both of these formats have a JSON document option, are specified as standards (ISO/IEC 5692:2021 for SPDX, ECMA-424 for CycloneDX), and can be generated using a wide variety of open source tools.

The actions/attest-sbom GitHub action works with both SPDX and CycloneDX JSON documents, so you can use whichever tools you prefer to generate the SBOM. The attestation creation process itself is essentially identical to the flow used by actions/attest-build-provenance for artifact provenance, using GitHub's Sigstore client.

You can read more about the attestation process in my previous post or in the official documentation. in this post I'm going to go straight to an example.

Updating a workflow to generate SBOM attestations

In this post I'm going to start with an existing workflow that already generates an SBOM. The details of how it generates the SBOM aren't important at this stage (see the previous post from some possible approaches). All that matters here is that we have the artifact, and we have the corresponding SBOM.

The following initial workflow builds a .NET NuGet package and generates a CycloneDX SBOM JSON document using the CycloneDX/gh-dotnet-generate-sbom GitHub Action. This GitHub action has fewer configuration parameters than the .NET module I showed in my previous post, but it does the job for this post:

name: BuildAndPack

on:
  push:
    branches: ["main" ]
    tags: ['*']
  pull_request:
    branches: ['*']

jobs:
  build-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
        with:
          dotnet-version: "9.0.x"

      - name: Build and pack
        run: dotnet pack -c Release

      - name: Push to NuGet
        run: dotnet nuget push artifacts/packages/NetEscapades.AspNetCore.SecurityHeaders.nupkg
        env:
          NuGetToken: ${{ secrets.NUGET_TOKEN }}

      - name: Generate JSON SBOM
        uses: CycloneDX/gh-dotnet-generate-sbom@c183e4ac30e5b99354cb9a98c38548e07c538346 # v1.0.1
        with:
          path: ./src/NetEscapades.AspNetCore.SecurityHeaders/NetEscapades.AspNetCore.SecurityHeaders.csproj
          out: ./artifacts/sboms
          json: true
          github-bearer-token: ${{ secrets.GITHUB_TOKEN }}

In the workflow above we are building the NetEscapades.AspNetCore.SecurityHeaders.nupkg package into the artifacts/packages folder, and then generating an SBOM in the artifacts/sboms folder called bom.json.

To generate an attestation, we simply need to add a step that uses the actions/attest-sbom action and pass in the following values:

• subject-path: the path to the artifact; the .nupkg file in this case.
• sbom-path: the path to the SBOM

- name: Attest package
  uses: actions/attest-sbom@115c3be05ff3974bcbd596578934b3f9ce39bf68 # v2.2.0
  with:
    subject-path: artifacts/packages/NetEscapades.AspNetCore.SecurityHeaders.nupkg
    sbom-path: artifacts/sboms/bom.json

As when we generated the artifact provenance, we need to add some additional permissions to our workflow, so that the attestation action can access the OpenID Connect token and create attestations:

permissions:
  id-token: write
  attestations: write

And that's it. Putting it all together, the full workflow looks something like the following:

name: BuildAndPack

on:
  push:
    branches: ["main" ]
    tags: ['*']
  pull_request:
    branches: ['*']

jobs:
  build-and-test:
    # 👇 Add these permissions
    permissions:
      id-token: write
      attestations: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1
        with:
          dotnet-version: "9.0.x"

      - name: Build and pack
        run: dotnet pack -c Release

      - name: Push to NuGet
        run: dotnet nuget push artifacts/packages/NetEscapades.AspNetCore.SecurityHeaders.nupkg
        env:
          NuGetToken: ${{ secrets.NUGET_TOKEN }}

      - name: Generate JSON SBOM
        uses: CycloneDX/gh-dotnet-generate-sbom@c183e4ac30e5b99354cb9a98c38548e07c538346 # v1.0.1
        with:
          path: ./src/NetEscapades.AspNetCore.SecurityHeaders/NetEscapades.AspNetCore.SecurityHeaders.csproj
          out: ./artifacts/sboms
          json: true
          github-bearer-token: ${{ secrets.GITHUB_TOKEN }}

      # 👇 Add this attestation step
      - name: Attest package
        uses: actions/attest-sbom@115c3be05ff3974bcbd596578934b3f9ce39bf68 # v2.2.0
        with:
          subject-path: artifacts/packages/NetEscapades.AspNetCore.SecurityHeaders.nupkg
          sbom-path: artifacts/sboms/bom.json

Note that in the above workflow we're generating an SBOM and attestation for every PR as well as on branches etc. The process is pretty lightweight, but depending on your requirements, you might want to only generate these when doing a release, for example.

Viewing the output of the attestation

The critical output of the actions/attest-sbom action is a Sigstore bundle JSON document, which looks something like the following:

{
  "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
  "verificationMaterial": {
    "tlogEntries": [
      {
        "logIndex": "173522574",
        "logId": {
          "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="
        },
        "kindVersion": {
          "kind": "dsse",
          "version": "0.0.1"
        },
        "integratedTime": "1740260580",
        "inclusionPromise": {
          "signedEntryTimestamp": "MEUCIBvt4HJQodZKrcVOFJ8bC2OyoxWV9adYct+KQ29AvdG+AiEAixnnlFPEpJYArVmej1xHLCsfITAYwTeqIYPN3+Lg2FU="
        },
        "inclusionProof": {
          "logIndex": "51618312",
          "rootHash": "/tkGrRms2LHwgOrsRiRe/GxbSerTzyibuLiiqvsd3Og=",
          "treeSize": "51618314",
          "hashes": [
            "q/dkAjxeUynkKYxXPenKThynxTZvMRLpbWJ/F4nvfHc=",
            "GLHBWB7fj2mHeqnYei5qghe1Rwf1Ryx0m2ow4hQBjDA=",
            "5KGpxQ+6EoREdhANHkfdmiMhMl/UH5p9fUvEc3c6mbA=",
            "CG1EBVfzTcx/tcgBJXeLIkUKxmJoDY7oMcTXiz3cwcs=",
            "AN36Jdc//SuaAqKodEza6ZI445Iq7K6NiBc6gQKMPjk=",
            "uv/35HjaIqySZ59LkCidkK09c3zuQ4ZGcfn0njiWG6U=",
            "D13BynaH2+rwdR+r2tnUFQcSQVSCCs0wbF5EIEgxb/4=",
            "g23ss+32Z0Vik2ybu098JI/jK1u3k4chLVBZCi3AumY=",
            "ebCKJ53lKWPqIx8mXXgznF9DGoQv70J7JTlFAav6s5E=",
            "vemyaMj0Na1LMjbB/9Dmkq8T+jAb3o+yCESgAayUABU="
          ],
          "checkpoint": {
            "envelope": "rekor.sigstore.dev - 1193050959916656506\n51618314\n/tkGrRms2LHwgOrsRiRe/GxbSerTzyibuLiiqvsd3Og=\n\n— rekor.sigstore.dev wNI9ajBGAiEApPeea+8Jsz1H5l1TwYIpWd8Hp493eFzJe+Me75klP/MCIQDpsL20JctwgKPzmaGeaa5e+liHlIkEvq/TRJdUEkKULg==\n"
          }
        },
        "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiMTAxN2E4N2ExMjFiZDA4YmIxNzMwMTlkYzViOGIyOTM5YjQwYTMzZTYwMGQ1YjhhOGE3MWE5MGU2NTRmOWRjOCJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImY2MGJjYThkMmEzMmY3Yzg0NWMyZmM1N2M0MmM4OTQzYWZmOGNkMDUxMjU1ZTFiOGJjZWIwMzgyNTk2MTBhZmYifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVVQ0lDaWNDdWh1SXRxbGZPaHl3VDBRcEJaaGtqdWZDb2hqWjNYN29tbU5UeEx1QWlFQXJjNkRmNisrMXp0bXphQWIwOXQ3SHFLNEx0dnF4cnZwa0theTh1cU5pUjA9IiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VoeFJFTkRRbmsyWjBGM1NVSkJaMGxWWVRWdFNWZEpjMFZpVjBkMlJFWnhUMXBCVlhGdE1XZHNXV1J2ZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwVmQwMXFTWGxOYWtVd1RYcEJkMWRvWTA1TmFsVjNUV3BKZVUxcVJURk5la0YzVjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVnpiV2hLUm5KdVptZExaek5VVUdKdU4xVk5NazlyTmxGWlNraEJkek56Y0dSTFVGUUtUblY0Y0RWU01taHhNRVpNZDNwUFVUVTVPRzlQTUVNdk1GQjFRbGhXU1VGNlIzTXJRblpMWTNwSFpETkRXbUZsUkdGUFEwSnJNSGRuWjFwS1RVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVjJVRzA0Q2twR1dtZE9iRWxZYlU1VGFIWkNhVmg0ZEdoamJGRnpkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMmRaYzBkQk1WVmtSVkZGUWk5M1UwSm5SRUlyYUc1NGIyUklVbmRqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZGxsWE5XdGpiVll6WWtjNWFncGhlVGxQV2xoU1JtTXlUbWhqUjBacldsaE5kVkZZVG5kVWJWWXdVVEk1ZVZwVE5WUmFWMDR4WTIxc01HVlZhR3haVjFKc1kyNU5ka3h0WkhCa1IyZ3hDbGxwT1ROaU0wcHlXbTE0ZG1RelRYWlJibFp3WWtkU1FtSnRVbEZaVjA1eVRHNXNkR0pGUW5sYVYxcDZURE5DTVdKSGQzWk5ha2t3VERJeGJHTnRaR3dLVFVSclIwTnBjMGRCVVZGQ1p6YzRkMEZSUlVWTE1tZ3daRWhDZWs5cE9IWmtSemx5V2xjMGRWbFhUakJoVnpsMVkzazFibUZZVW05a1Ywb3hZekpXZVFwWk1qbDFaRWRXZFdSRE5XcGlNakIzUjJkWlMwdDNXVUpDUVVkRWRucEJRa0ZuVVUxalNGWnpZa1k1ZVZwWVJqRmFXRTR3VFVSWlIwTnBjMGRCVVZGQ0NtYzNPSGRCVVUxRlMwUmthVnBIU1hsYVIxVXhUakpaTkUxRWJHaFBWR3hzVFZSUk1VNHlWWGhPVkdoc1RXMU5lVnBVVVhwTmJWbDNUV3BOTTA1NlRYY0tSMmRaUzB0M1dVSkNRVWRFZG5wQlFrSkJVVTFSYmxad1lrZFNRbUp0VWxGWlYwNXlUVVZCUjBOcGMwZEJVVkZDWnpjNGQwRlJWVVZOYlVaMVdraEtiQXBrTW5oMldUSnpkbFJ0VmpCU1dFNXFXVmhDYUZwSFZucE1hMFo2WTBVMWJHUkZUblpqYlZWMVZUSldhbVJZU25Ca1NHeEpXbGRHYTFwWVNucE5RMFZIQ2tOcGMwZEJVVkZDWnpjNGQwRlJXVVZGTTBwc1dtNU5kbU5JVm5OaVF6aDVUV3BSZG1KWFZubGFNbFYzVDNkWlMwdDNXVUpDUVVkRWRucEJRa05CVVhRS1JFTjBiMlJJVW5kamVtOTJURE5TZG1FeVZuVk1iVVpxWkVkc2RtSnVUWFZhTW13d1lVaFdhV1JZVG14amJVNTJZbTVTYkdKdVVYVlpNamwwVFVsSFRRcENaMjl5UW1kRlJVRlpUeTlOUVVWS1FrZzBUV1pIYURCa1NFSjZUMms0ZGxveWJEQmhTRlpwVEcxT2RtSlRPV2hpYlZKNVdsaGtjMkl5VG5KTU1EVnNDbVJGVm5wWk1rWjNXVmRTYkdONU5VSmpNMEpQV2xoU1JHSXpTbXhNYkU1c1dUTldlV0ZZVWpWVFIxWm9Xa2RXZVdONU9IVmFNbXd3WVVoV2FVd3paSFlLWTIxMGJXSkhPVE5qZVRsRFpGZHNjMXBGUm5WYVJrSm9XVEp6ZFdWWE1YTlJTRXBzV201TmRtTklWbk5pUXpoNVRXcFJkbUpYVm5sYU1sVjNUMEZaU3dwTGQxbENRa0ZIUkhaNlFVSkRaMUZ4UkVObk0xbHRVbWxOYlZKc1RsUmtiVTlFUVRWWlZHczFXbFJGTUU1VVpHeE5WRlUwV2xSS2FrMXRWVEJOZWtwdENrMUVTWHBPZW1ONlRVSXdSME5wYzBkQlVWRkNaemM0ZDBGUmMwVkVkM2RPV2pKc01HRklWbWxNVjJoMll6TlNiRnBFUWxaQ1oyOXlRbWRGUlVGWlR5OEtUVUZGVFVKRlkwMVNWMmd3WkVoQ2VrOXBPSFphTW13d1lVaFdhVXh0VG5aaVV6bG9ZbTFTZVZwWVpITmlNazV5VERBMWJHUkZWbnBaTWtaM1dWZFNiQXBqZVRWQ1l6TkNUMXBZVWtSaU0wcHNUR3hPYkZrelZubGhXRkkxVTBkV2FGcEhWbmxqZWtFMFFtZHZja0puUlVWQldVOHZUVUZGVGtKRGIwMUxSR1JwQ2xwSFNYbGFSMVV4VGpKWk5FMUViR2hQVkd4c1RWUlJNVTR5VlhoT1ZHaHNUVzFOZVZwVVVYcE5iVmwzVFdwTk0wNTZUWGRKZDFsTFMzZFpRa0pCUjBRS2RucEJRa1JuVVZaRVFrNTVXbGRhZWt3elFqRmlSM2QyVFdwSk1Fd3lNV3hqYldSc1RVSm5SME5wYzBkQlVWRkNaemM0ZDBGUk9FVkRaM2RKVGxScmVncE9WRWswVG1wbmQweFJXVXRMZDFsQ1FrRkhSSFo2UVVKRlFWRm1SRUl4YjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbGxYTld0amJWWXpDbUpIT1dwaGVrRlpRbWR2Y2tKblJVVkJXVTh2VFVGRlVrSkJiMDFEUkVVMFRucFZNVTE2WnpSTlNVZE5RbWR2Y2tKblJVVkJXVTh2VFVGRlUwSklORTBLWmtkb01HUklRbnBQYVRoMldqSnNNR0ZJVm1sTWJVNTJZbE01YUdKdFVubGFXR1J6WWpKT2Nrd3dOV3hrUlZaNldUSkdkMWxYVW14amVUVkNZek5DVHdwYVdGSkVZak5LYkV4c1RteFpNMVo1WVZoU05WTkhWbWhhUjFaNVkzazRkVm95YkRCaFNGWnBURE5rZG1OdGRHMWlSemt6WTNrNVEyUlhiSE5hUlVaMUNscEdRbWhaTW5OMVpWY3hjMUZJU214YWJrMTJZMGhXYzJKRE9IbE5hbEYyWWxkV2VWb3lWWGRQUVZsTFMzZFpRa0pCUjBSMmVrRkNSWGRSY1VSRFp6TUtXVzFTYVUxdFVteE9WR1J0VDBSQk5WbFVhelZhVkVVd1RsUmtiRTFVVlRSYVZFcHFUVzFWTUUxNlNtMU5SRWw2VG5wamVrMUNkMGREYVhOSFFWRlJRZ3BuTnpoM1FWSlJSVVJuZDAxalNGWnpZa1k1ZVZwWVJqRmFXRTR3VFVoclIwTnBjMGRCVVZGQ1p6YzRkMEZTVlVWaGQzaHdZVWhTTUdOSVRUWk1lVGx1Q21GWVVtOWtWMGwxV1RJNWRFd3lSblZhU0Vwc1pESjRkbGt5YzNaVWJWWXdVbGhPYWxsWVFtaGFSMVo2VEd0R2VtTkZOV3hrUlU1MlkyMVZkVlV5Vm1vS1pGaEtjR1JJYkVsYVYwWnJXbGhLZWt3eVJtcGtSMngyWW01TmRtTnVWblZqZVRoNFRYcFJNMDVxWXpSTmVtZDNUVU01YUdSSVVteGlXRUl3WTNrNGVBcE5RbGxIUTJselIwRlJVVUpuTnpoM1FWSlpSVU5CZDBkalNGWnBZa2RzYWsxSlIweENaMjl5UW1kRlJVRmtXalZCWjFGRFFrZ3dSV1YzUWpWQlNHTkJDak5VTUhkaGMySklSVlJLYWtkU05HTnRWMk16UVhGS1MxaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIVmt3MU1HUlJaMEZCUWtGTlFWTkVRa2NLUVdsRlFYVkdja0pxWW1kTmMyc3ZMMjFwYUUxUVFVTm9NV1YzVUVJeVJWSTVkMmgxYjI0NVFUUlROVEpvTTBWRFNWRkVRMWhGTkhsRVIybHdabEUyYVFwS2VrWnhXVTQ1VG5aMGNrSnJNVWw1VWxWbFluUnNOVVF5SzFGQk9VUkJTMEpuWjNGb2EycFBVRkZSUkVGM1RtOUJSRUpzUVdwQlJXcENSVU5zWTIxbkNuVnhSSFJ5VFhGNWRGSk9ZMFZUYWxsTWRUUjFNRTlTWTNSTFJXOVljSGRMZFVSNVpuWXphSEJMWVdJNWQzZDBUa1V3Wm1KWmJXOURUVkZET1hVMlNqa0tWV05NUWxsVlFsYzFVMVJPU1dvMFNuZzNNRzlHY3psTWN6SkJZa3BwVFVWaGVtbzJiemcwYW5acE1HaGFVU3N6WXpCT2RtbGlabHB5ZGtrOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9XX19"
      }
    ],
    "timestampVerificationData": {},
    "certificate": {
      "rawBytes": "MIIHqDCCBy6gAwIBAgIUa5mIWIsEbWGvDFqOZAUqm1glYdowCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjUwMjIyMjE0MzAwWhcNMjUwMjIyMjE1MzAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsmhJFrnfgKg3TPbn7UM2Ok6QYJHAw3spdKPTNuxp5R2hq0FLwzOQ598oO0C/0PuBXVIAzGs+BvKczGd3CZaeDaOCBk0wggZJMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUvPm8JFZgNlIXmNShvBiXxthclQswHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wgYsGA1UdEQEB/wSBgDB+hnxodHRwczovL2dpdGh1Yi5jb20vYW5kcmV3bG9jay9OZXRFc2NhcGFkZXMuQXNwTmV0Q29yZS5TZWN1cml0eUhlYWRlcnMvLmdpdGh1Yi93b3JrZmxvd3MvQnVpbGRBbmRQYWNrLnltbEByZWZzL3B1bGwvMjI0L21lcmdlMDkGCisGAQQBg78wAQEEK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wGgYKKwYBBAGDvzABAgQMcHVsbF9yZXF1ZXN0MDYGCisGAQQBg78wAQMEKDdiZGIyZGU1N2Y4MDlhOTllMTQ1N2UxNThlMmMyZTQzMmYwMjM3NzMwGgYKKwYBBAGDvzABBAQMQnVpbGRBbmRQYWNrMEAGCisGAQQBg78wAQUEMmFuZHJld2xvY2svTmV0RXNjYXBhZGVzLkFzcE5ldENvcmUuU2VjdXJpdHlIZWFkZXJzMCEGCisGAQQBg78wAQYEE3JlZnMvcHVsbC8yMjQvbWVyZ2UwOwYKKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMIGMBgorBgEEAYO/MAEJBH4MfGh0dHBzOi8vZ2l0aHViLmNvbS9hbmRyZXdsb2NrL05ldEVzY2FwYWRlcy5Bc3BOZXRDb3JlLlNlY3VyaXR5SGVhZGVycy8uZ2l0aHViL3dvcmtmbG93cy9CdWlsZEFuZFBhY2sueW1sQHJlZnMvcHVsbC8yMjQvbWVyZ2UwOAYKKwYBBAGDvzABCgQqDCg3YmRiMmRlNTdmODA5YTk5ZTE0NTdlMTU4ZTJjMmU0MzJmMDIzNzczMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3RlZDBVBgorBgEEAYO/MAEMBEcMRWh0dHBzOi8vZ2l0aHViLmNvbS9hbmRyZXdsb2NrL05ldEVzY2FwYWRlcy5Bc3BOZXRDb3JlLlNlY3VyaXR5SGVhZGVyczA4BgorBgEEAYO/MAENBCoMKDdiZGIyZGU1N2Y4MDlhOTllMTQ1N2UxNThlMmMyZTQzMmYwMjM3NzMwIwYKKwYBBAGDvzABDgQVDBNyZWZzL3B1bGwvMjI0L21lcmdlMBgGCisGAQQBg78wAQ8ECgwINTkzNTI4NjgwLQYKKwYBBAGDvzABEAQfDB1odHRwczovL2dpdGh1Yi5jb20vYW5kcmV3bG9jazAYBgorBgEEAYO/MAERBAoMCDE4NzU1Mzg4MIGMBgorBgEEAYO/MAESBH4MfGh0dHBzOi8vZ2l0aHViLmNvbS9hbmRyZXdsb2NrL05ldEVzY2FwYWRlcy5Bc3BOZXRDb3JlLlNlY3VyaXR5SGVhZGVycy8uZ2l0aHViL3dvcmtmbG93cy9CdWlsZEFuZFBhY2sueW1sQHJlZnMvcHVsbC8yMjQvbWVyZ2UwOAYKKwYBBAGDvzABEwQqDCg3YmRiMmRlNTdmODA5YTk5ZTE0NTdlMTU4ZTJjMmU0MzJmMDIzNzczMBwGCisGAQQBg78wARQEDgwMcHVsbF9yZXF1ZXN0MHkGCisGAQQBg78wARUEawxpaHR0cHM6Ly9naXRodWIuY29tL2FuZHJld2xvY2svTmV0RXNjYXBhZGVzLkFzcE5ldENvcmUuU2VjdXJpdHlIZWFkZXJzL2FjdGlvbnMvcnVucy8xMzQ3Njc4MzgwMC9hdHRlbXB0cy8xMBYGCisGAQQBg78wARYECAwGcHVibGljMIGLBgorBgEEAdZ5AgQCBH0EewB5AHcA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGVL50dQgAABAMASDBGAiEAuFrBjbgMsk//mihMPACh1ewPB2ER9whuon9A4S52h3ECIQDCXE4yDGipfQ6iJzFqYN9NvtrBk1IyRUebtl5D2+QA9DAKBggqhkjOPQQDAwNoADBlAjAEjBEClcmguqDtrMqytRNcESjYLu4u0ORctKEoXpwKuDyfv3hpKab9wwtNE0fbYmoCMQC9u6J9UcLBYUBW5STNIj4Jx70oFs9Ls2AbJiMEazj6o84jvi0hZQ+3c0NvibfZrvI="
    }
  },
  "dsseEnvelope": {
    "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiTmV0RXNjYXBhZGVzLkFzcE5ldENvcmUuU2VjdXJpdHlIZWFkZXJzLjEuMC4wLXByZXZpZXcuMy5udXBrZyIsImRpZ2VzdCI6eyJzaGEyNTYiOiJlYmZmMWU3YzVhMTI5YTY5ZTI5NDFmODc1ZGQ3YTlmNzdhMGEwOWVjZjkwOTVmZTA0Y2M0NTM1MTE4NjNlOWNlIn19XSwicHJlZGljYXRlVHlwZSI6Imh0dHBzOi8vY3ljbG9uZWR4Lm9yZy9ib20iLCJwcmVkaWNhdGUiOnsiYm9tRm9ybWF0IjoiQ3ljbG9uZURYIiwic3BlY1ZlcnNpb24iOiIxLjYiLCJzZXJpYWxOdW1iZXIiOiJ1cm46dXVpZDpmOGFiNWQwMC03NGMyLTRlNjktYjAxMy1lYzcxZDM4MDYwNzYiLCJ2ZXJzaW9uIjoxLCJtZXRhZGF0YSI6eyJ0aW1lc3RhbXAiOiIyMDI1LTAyLTIyVDIxOjQyOjQ0WiIsInRvb2xzIjpbeyJ2ZW5kb3IiOiJDeWNsb25lRFgiLCJuYW1lIjoiQ3ljbG9uZURYIG1vZHVsZSBmb3IgLk5FVCIsInZlcnNpb24iOiI1LjAuMS4wIn1dLCJjb21wb25lbnQiOnsidHlwZSI6ImxpYnJhcnkiLCJib20tcmVmIjoiTmV0RXNjYXBhZGVzLkFzcE5ldENvcmUuU2VjdXJpdHlIZWFkZXJzQDEuMC4wLXByZXZpZXcuMyIsIm5hbWUiOiJOZXRFc2NhcGFkZXMuQXNwTmV0Q29yZS5TZWN1cml0eUhlYWRlcnMiLCJ2ZXJzaW9uIjoiMS4wLjAtcHJldmlldy4zIn19LCJjb21wb25lbnRzIjpbeyJ0eXBlIjoibGlicmFyeSIsImJvbS1yZWYiOiJwa2c6bnVnZXQvU3R5bGVDb3AuQW5hbHl6ZXJzQDEuMi4wLWJldGEuNTU2IiwiYXV0aG9ycyI6W3sibmFtZSI6IlNhbSBIYXJ3ZWxsIGV0LiBhbC4ifV0sIm5hbWUiOiJTdHlsZUNvcC5BbmFseXplcnMiLCJ2ZXJzaW9uIjoiMS4yLjAtYmV0YS41NTYiLCJkZXNjcmlwdGlvbiI6IkFuIGltcGxlbWVudGF0aW9uIG9mIFN0eWxlQ29wJ3MgcnVsZXMgdXNpbmcgUm9zbHluIGFuYWx5emVycyBhbmQgY29kZSBmaXhlcyIsInNjb3BlIjoicmVxdWlyZWQiLCJoYXNoZXMiOlt7ImFsZyI6IlNIQS01MTIiLCJjb250ZW50IjoiMDgxNjNGNjA2MUVCQzI2RUE5QjgwNjlBODJFOUY1NzVENjU2QTUwRjFEOTI5OUVEQTg3NEY0MTA3NzMxRUIyRTAyQjUxMkYyMDFGMUMzNEM2OTgzRDkyQkFFQ0Q2RUU1RTk5MkFBNkI2MUM3OEFFOTQ5MEE3RkREQkRENTE4ODIifV0sImxpY2Vuc2VzIjpbeyJsaWNlbnNlIjp7ImlkIjoiTUlUIn19XSwiY29weXJpZ2h0IjoiQ29weXJpZ2h0IDIwMTUgVHVubmVsIFZpc2lvbiBMYWJvcmF0b3JpZXMsIExMQyIsInB1cmwiOiJwa2c6bnVnZXQvU3R5bGVDb3AuQW5hbHl6ZXJzQDEuMi4wLWJldGEuNTU2IiwiZXh0ZXJuYWxSZWZlcmVuY2VzIjpbeyJ1cmwiOiJodHRwczovL2dpdGh1Yi5jb20vRG90TmV0QW5hbHl6ZXJzL1N0eWxlQ29wQW5hbHl6ZXJzIiwidHlwZSI6IndlYnNpdGUifV19LHsidHlwZSI6ImxpYnJhcnkiLCJib20tcmVmIjoicGtnOm51Z2V0L1N0eWxlQ29wLkFuYWx5emVycy5VbnN0YWJsZUAxLjIuMC41NTYiLCJhdXRob3JzIjpbeyJuYW1lIjoiU2FtIEhhcndlbGwgZXQuIGFsLiJ9XSwibmFtZSI6IlN0eWxlQ29wLkFuYWx5emVycy5VbnN0YWJsZSIsInZlcnNpb24iOiIxLjIuMC41NTYiLCJkZXNjcmlwdGlvbiI6IkFuIGltcGxlbWVudGF0aW9uIG9mIFN0eWxlQ29wJ3MgcnVsZXMgdXNpbmcgUm9zbHluIGFuYWx5emVycyBhbmQgY29kZSBmaXhlcyIsInNjb3BlIjoicmVxdWlyZWQiLCJoYXNoZXMiOlt7ImFsZyI6IlNIQS01MTIiLCJjb250ZW50IjoiMEU5RkJBRTcxM0QyRDMwNjkwQkIzMzFFNzMwOEE2MTk4OTRFRTI2QzEzNzk4ODU1RUMwQTI1MjlCMzI0NjhENjdGQkNGMkJDMUYwMkFBMEYzQUU3RTY4NTFEMkI1OTU2ODRFRjQxNTI0NUFBODExOUI5QjFCN0Q1OEMzMDkxNkIifV0sImxpY2Vuc2VzIjpbeyJsaWNlbnNlIjp7ImlkIjoiTUlUIn19XSwiY29weXJpZ2h0IjoiQ29weXJpZ2h0IDIwMTUgVHVubmVsIFZpc2lvbiBMYWJvcmF0b3JpZXMsIExMQyIsInB1cmwiOiJwa2c6bnVnZXQvU3R5bGVDb3AuQW5hbHl6ZXJzLlVuc3RhYmxlQDEuMi4wLjU1NiIsImV4dGVybmFsUmVmZXJlbmNlcyI6W3sidXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL0RvdE5ldEFuYWx5emVycy9TdHlsZUNvcEFuYWx5emVycyIsInR5cGUiOiJ3ZWJzaXRlIn1dfV0sImRlcGVuZGVuY2llcyI6W3sicmVmIjoiTmV0RXNjYXBhZGVzLkFzcE5ldENvcmUuU2VjdXJpdHlIZWFkZXJzQDEuMC4wLXByZXZpZXcuMyIsImRlcGVuZHNPbiI6WyJwa2c6bnVnZXQvU3R5bGVDb3AuQW5hbHl6ZXJzQDEuMi4wLWJldGEuNTU2IiwicGtnOm51Z2V0L1N0eWxlQ29wLkFuYWx5emVycy5VbnN0YWJsZUAxLjIuMC41NTYiXX0seyJyZWYiOiJwa2c6bnVnZXQvU3R5bGVDb3AuQW5hbHl6ZXJzLlVuc3RhYmxlQDEuMi4wLjU1NiIsImRlcGVuZHNPbiI6W119LHsicmVmIjoicGtnOm51Z2V0L1N0eWxlQ29wLkFuYWx5emVyc0AxLjIuMC1iZXRhLjU1NiIsImRlcGVuZHNPbiI6WyJwa2c6bnVnZXQvU3R5bGVDb3AuQW5hbHl6ZXJzLlVuc3RhYmxlQDEuMi4wLjU1NiJdfV19fQ==",
    "payloadType": "application/vnd.in-toto+json",
    "signatures": [
      {
        "sig": "MEUCICicCuhuItqlfOhywT0QpBZhkjufCohjZ3X7ommNTxLuAiEArc6Df6++1ztmzaAb09t7HqK4LtvqxrvpkKay8uqNiR0="
      }
    ]
  }
}

Unless otherwise told not to, the action also automatically produces a summary in the Actions run that looks something like the following:

If you click one of those links, you're taken to the attestation display page. Here you can view the attestation in a friendly format, as well as download the JSON file directly.

Verifying SBOM attestations

Just as for artifact provenance, SBOM attestations only provide value if you verify the attestations when consuming the artifacts. You can verify both SBOM provenance using the GitHub CLI, passing in the artifact you wish to verify, and an appropriate --predicate-type:

gh attestation verify \
  --owner andrewlock \
  --predicate-type https://cyclonedx.org/bom \
  <filename-or-url>

Note that in the above example I passed in a CycloneDX predicate; for SPDX you would pass in something like https://spdx.dev/Document/v2.3 instead. Note that if you don't specify a --predicate-type, then the CLI will verify the provenance attestation for the package instead of the SBOM.

For example, running the above command and providing the downloaded package from the workflow run produces something like the following:

> gh attestation verify --owner andrewlock --predicate-type https://cyclonedx.org/bom "NetEscapades.AspNetCore.SecurityHeaders.1.0.0-preview.4.nupkg"
Loaded digest sha256:bf809ff0ed6a8a31131df4391b169e35ded44d4dfd97cc797123441683a95c9f for file://NetEscapades.AspNetCore.SecurityHeaders.1.0.0-preview.4.nupkg
Loaded 2 attestations from GitHub API

The following policy criteria will be enforced:
- Predicate type must match:................ https://cyclonedx.org/bom
- Source Repository Owner URI must match:... https://github.com/andrewlock
- Subject Alternative Name must match regex: (?i)^https://github.com/andrewlock/
- OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!

The following 1 attestation matched the policy criteria

- Attestation #1
  - Build repo:..... andrewlock/NetEscapades.AspNetCore.SecurityHeaders
  - Build workflow:. .github/workflows/BuildAndPack.yml@refs/tags/v1.0.0-preview.4
  - Signer repo:.... andrewlock/NetEscapades.AspNetCore.SecurityHeaders
  - Signer workflow: .github/workflows/BuildAndPack.yml@refs/tags/v1.0.0-preview.4

Unfortunately, as I described in a previous post on attestations, verifying the provenance of NuGet packages uploaded to nuget.org is a bit more problematic.

The NuGet signing issue

As I described in a previous post on attestations, nuget.org modifies the .nupkg files that you upload, modifying their contents to add a signature file. Unfortunately changing the file like means that the provenance attestation and SBOM attestations are no longer valid for the file, which significantly reduces the usefulness of the attestations.

It's possible to restore some packages downloaded from nuget.org to their previous state, as I showed previously. For example, on Linux you can use the zip utility to delete the .signature.p7s file added by nuget.org:

file="NetEscapades.AspNetCore.SecurityHeaders.1.0.0-preview.4.nupkg"

# Delete the .signature.p7s file that nuget.org adds to the package
zip -d $file .signature.p7s

Unfortunately this doesn't work for all packages. If a package is author signed, then the .signature.p7s file will be part of the .nupkg file before it's uploaded to nuget.org. The hash of the file at this point is what will be used to generate the provenance and SBOM attestations.

When you upload the package to nuget.org, it adds a repository counter-signature, modifying the .signature.p7s file. That means you can't "simply" remove the .signature.p7s file to restore the original file. Unfortunately, I'm not sure there's a good solution to creating provenance attestations for the packages in this case; you'll essentially never be able to reliably verify the provenance, rendering them essentially pointless (as they could be easily forged).

The good news in all this is that the author and repository signatures are intended to serve a similar purpose to the attestations. In many ways they're the "NuGet native" solution to the problem. However they don't tie an artifact to a specific CI execution in the same way that the GitHub attestations do.

All of that is to say that generating attestations does not seem particularly useful in the .NET and NuGet ecosystems right now. Generating the attestations, as I've shown in this post, is not too difficult. However consuming and verifying the attestations is another story, and not one that NuGet provides good support for at this point.

Summary

In this post I built on top of the previous two posts about provenance attestations and software bills of materials (SBOM). This post showed how to combine the two concepts, producing provenance attestations for your SBOM documents. These provide confidence to consumers that a given SBOM document was generated for a specific artifact. I showed how you can use the actions/attest-sbom GitHub Action to attest SPDX and CycloneDX SBOMs, and how to verify the generated attestations. Finally, I discussed the problem with NuGet packages uploaded to nuget.org, and why verifying attestations for these nupkg files is difficult.