Community post by KubeEdge SIG-Security (Reprinted from the KubeEdge blog)

In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge[2] and released a paper on cloud native edge computing security threat analysis and protection. Based on the security threat model and audit suggestions, the community consistently strengthens the KubeEdge software supply chain. Now, we are excited to announce that KubeEdge v1.13.0 (including both binary and container image artifacts), released on January 18, 2023, achieves SLSA[3] 3 compliance, the first of its kind in the CNCF community.

Why Is SLSA 3 Compliance Important to KubeEdge

Software supply chain integrity attacks (unauthorized modification of software packages) have been increasing in the past three years. After KubeEdge reaches SLSA 3, the E2E security (from source code build to release) is hardened, preventing malicious tampering of binary and container image artifacts. Thanks to SLSA, we can enhance the integrity of software artifacts, against tampering or any type of unauthorized modification of the software or software package, and enable software to defend against common supply chain attacks.

About SLSA

Proposed by Google, SLSA (Supply Chain Levels for Software Artifacts) is a security framework and a check-list of standards and controls to prevent tampering, improve software supply chain integrity, and secure software packages and infrastructure in projects, businesses or enterprises. It is not a single tool, but a step-by-step outline to prevent artifacts from being tampered with and tampered artifacts from being used, and at the higher levels, to strengthen the platforms that make up a supply chain. Manufacturers follow the SLSA guidelines to safeguard their software, and users make decisions based on the security status of software packages.

SLSA is currently in alpha, and related definitions are subject to change.

The following figure describes the known attack points in software supply chains. For details, see

SLSA diagram flow

SLSA introduces many new tools and concepts, such as:

How KubeEdge Reaches SLSA 3

The SLSA requirements are arranged into four levels. The higher the level, the higher the requirements. For details, see

When the third-party security audit report was released in July 2022, KubeEdge did not meet SLSA 3 requirements in terms of SLSA provenance. After continuous hardening by SIG-Security, KubeEdge finally achieved SLSA 3 in January 2023. The following table lists the compliance status of KubeEdge in Source, Build, Provenance, and Common. (“Y” indicates compliance, while blank indicates non-compliance.)

SLSA requirements and compliance

RequirementL1 L2L3L4
Version controlledYYY
Verified historyYY
Retained indefinitelyYY
Two-person reviewedY
Scripted buildYYYY
Build serviceYYY
Build as codeYY
Ephemeral environmentYY
Service generatedYYTo-do
Dependencies completeTo-do

This section describes how KubeEdge meets the build and provenance requirements of SLSA 3. The build/provenance requirements and corresponding KubeEdge solutions are as follows:

Build requirements:

  1. Scripted build: All build steps were fully defined in some sort of “build script”.
  2. Build service: All build steps ran using some build services, not on a developer’s workstation. Build services include GitHub Actions and those provided by third-party cloud platforms.
  3. Build as code: The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.
  4. Ephemeral environment: The build service ensured that the build steps ran in an ephemeral environment, such as a container or VM, provisioned solely for this build, and not reused from a prior build.
  5. Isolated: The build service ensured that the build steps ran in an isolated environment free of influence from other build instances, whether prior or concurrent.
  6. Parameterless: The build output cannot be affected by user parameters other than the build entry point and the top-level source location. In other words, the build is fully defined through the build script and nothing else.
  7. Hermetic: All transitive build steps, sources, and dependencies were fully declared up front with immutable references, and the build steps ran with no network access.


All KubeEdge build processes are automatically executed by scripts on GitHub. As a build service (with definition files and configuration files stored in the .github/workflows directory), GitHub Actions ensure that build steps are traceable and verifiable, the build environment is ephemeral and isolated, and the build parameters and dependencies cannot be tampered with.

Provenance requirements:

  1. Available: The provenance is available to the consumer in a format that the consumer accepts. The format SHOULD be in-toto SLSA Provenance, but another format MAY be used if both producer and consumer agree and it meets all the other requirements.
  2. Authenticated: The provenance’s authenticity and integrity can be verified by the consumer. This SHOULD be through a digital signature from a private key accessible only to the service generating the provenance.
  3. Service generated: The data in the provenance MUST be obtained from the build service.
  4. Non-falsifiable: Provenance cannot be falsified by the build service’s users.
  5. Dependencies complete: Provenance records all build dependencies that were available while running the build steps. This includes the initial state of the machine, VM, or container of the build worker.


slsa-github-generator, SLSA’s official GitHub build project, is integrated into the artifacts (including binary files and container images) released in KubeEdge to achieve SLSA 3.

The KubeEdge version release process (.github/workflows/release.yml) integrates slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml and slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml to ensure that the process of building and releasing artifacts (including binary files and container images) meets the SLSA 3 requirements.

For details about slsa-github-generator, see

About Provenance

Provenance is the build metadata, a proof of the software build and release execution process and can be verified. It includes build steps, build sources, and dependencies, such as source code repositories, code branches, and configuration files. Provenance content of SLSA 3 is authentic, tamper-proof, and will not be changed by project maintainers. The provenance file (named multiple.intoto.jsonl) of binary artifacts is released with the release software package. The provenance file of a container image is uploaded to the KubeEdge Docker Hub public repository together with the image. For details about the Provenance formats, see

How to Verify That KubeEdge Release Artifacts Meet SLSA 3

For details, see

The following is an example:

Signing and Working Principles of slsa-github-generator

OpenID Connect (OIDC) is used to prove the identity of a workflow to an external service (Sigstore[4]). OIDC is a standard used across the web by identity providers to authenticate users for third parties. GitHub now supports OIDC in its workflows. Each time a workflow runs, a runner can create a unique JWT token from GitHub’s OIDC provider. The token contains verifiable information about the workflow identity, including the caller repository, commit hash, trigger, and current (reusable) workflow path and reference.

With OIDC, the workflow proves its identity to Sigstore’s Fulcio root certificate authority (an external authentication service). Fulcio signs a short-term certificate to prove the temporary signature key (generated in the runner) and binds the key to the workload identity. The signing record is stored in Sigstore’s transparency log Rekor. A user can use the signed certificate as a trusted anchor to verify that the provenance was authenticated and cannot be falsified; it must have been created in a trusted builder. The process is as follows:

Diagram flow showing signing and working principles of slsa-github-generator

In 2022, slsa-github-generator[5] was honored by the Sigstore community as Best User Adopter.

SLSA GitHub Generators as Best User Adopter


SLSA plays an important role in the software supply chain security of KubeEdge. Based on the Sigstore capabilities, the entire software supply chain process of KubeEdge, from source code to release artifacts, is signed and verified to improve the security.


[1] KubeEdge blog:

[2] The third-party security audit of KubeEdge:

[3] SLSA website:

[4] Sigstore website:

[5] SLSA Generator:

[6] SLSA3 generic integration guide:

[7] Improving software supply chain security with tamper-proof builds:

[8] Sigstore November Roundup: