
[BUG] Attestation verification fails when OCI referrers exist alongside tag-based attestations #3185

@arewm

Description

Describe the Bug

When an image has OCI referrers (e.g. a VSA attached via cosign attest --new-bundle-format),
ec validate image exclusively uses the bundle/referrers verification path and never falls
back to tag-based attestation lookup (.att cosign tags). This causes verification to fail
when the referrers were signed with a different key than the tag-based attestations.

(this issue is created with assistance from Claude)

Steps to Reproduce

  1. Build an image and have Tekton Chains attach a provenance attestation via cosign tag (.att suffix), signed with key A
  2. Attach a VSA to the same image using cosign attest --new-bundle-format --key <key-B>, which stores it as an OCI referrer
  3. Run ec validate image --images '{"components":[{"name":"built-image","containerImage":"<image>"}]}' --public-key <key-A> --policy <policy> --ignore-rekor
  4. Verification fails even though the Chains provenance attestation is present and signed with the provided key

Expected Behavior

ec should find and verify the tag-based Chains provenance attestation using key A, regardless
of whether unrelated OCI referrers exist on the image.

Actual Behavior

ec detects OCI referrers via hasBundles() in application_snapshot_image.go, sets
opts.NewBundleFormat = true, and only attempts the bundle verification path. It tries to
verify the referrer bundles (the VSA, signed with key B) using key A, fails, and never falls
back to the tag-based .att attestation.

Screenshots or Terminal Output

Success: false
Result: FAILURE
Violations: 2, Warnings: 0, Successes: 0

Results:
✕ [Violation] builtin.attestation.signature_check
Reason: No image attestations found matching the given public key. Verify the correct
public key was provided, and one or more attestations were created. Error: no matching
attestations: failed to verify signature: could not verify envelope: accepted signatures
do not match threshold, Found: 0, Expected 1

✕ [Violation] builtin.image.signature_check
Reason: No image signatures found matching the given public key. Verify the correct
public key was provided, and a signature was created. Error: no matching signatures:
failed to verify signature: could not verify envelope: accepted signatures do not match
threshold, Found: 0, Expected 1

Environment: ec v0.8.82 (cosign v3.0.4 internally), Tekton Chains provenance via cosign tag
storage, VSA via cosign attest --new-bundle-format, quay.io registry.
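The two lookup behaviours the report contrasts, as an added example that is not part of the issue and not code from the ec project. It is a self-contained Go model of the decision described above: `verifyExclusive` stands in for the reported behaviour (referrers present, so only the bundle path is tried), and `verifyWithFallback` for the expected behaviour (try the referrers, then fall back to the tag-based attestations). The `Attestation`, `Image`, `hasBundles`, `verifyAny` and `buildScenario` names are hypothetical stand-ins; the signed envelopes are replaced by Ed25519 signatures over constructed payloads so the example runs offline with two freshly generated keys playing the roles of key A and key B.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Attestation is a hypothetical, simplified stand-in for a signed envelope:
// the payload, a signature over it, and where the registry stored it.
type Attestation struct {
	Source  string // "referrer" (OCI referrers API) or "tag" (.att cosign tag)
	Payload []byte
	Sig     []byte
}

// Image holds the attestations discoverable by each lookup path.
type Image struct {
	Referrers []Attestation // found via the OCI referrers API (bundle format)
	TagAtts   []Attestation // found under the sha256-<digest>.att tag
}

// hasBundles mirrors the check the report describes: any referrer present
// means "use the bundle path".
func hasBundles(img Image) bool { return len(img.Referrers) > 0 }

// verifyAny returns the attestations whose signature verifies under pub.
func verifyAny(pub ed25519.PublicKey, atts []Attestation) ([]Attestation, error) {
	var ok []Attestation
	for _, a := range atts {
		if ed25519.Verify(pub, a.Payload, a.Sig) {
			ok = append(ok, a)
		}
	}
	if len(ok) == 0 {
		return nil, errors.New("no matching attestations")
	}
	return ok, nil
}

// verifyExclusive models the reported behaviour: once referrers exist, only
// the bundle path is tried and the tag-based attestations are never consulted.
func verifyExclusive(pub ed25519.PublicKey, img Image) ([]Attestation, error) {
	if hasBundles(img) {
		return verifyAny(pub, img.Referrers)
	}
	return verifyAny(pub, img.TagAtts)
}

// verifyWithFallback is the expected behaviour: try the referrers and, if none
// verify under the supplied key, fall back to the tag-based attestations.
// Both failure reasons are kept so an operator can see what was tried.
func verifyWithFallback(pub ed25519.PublicKey, img Image) ([]Attestation, error) {
	var reasons []string
	if hasBundles(img) {
		if ok, err := verifyAny(pub, img.Referrers); err == nil {
			return ok, nil
		} else {
			reasons = append(reasons, "referrers: "+err.Error())
		}
	}
	if ok, err := verifyAny(pub, img.TagAtts); err == nil {
		return ok, nil
	} else {
		reasons = append(reasons, "tag: "+err.Error())
	}
	return nil, errors.New(strings.Join(reasons, "; "))
}

// sign builds one attestation signed with priv (constructed test data only).
func sign(priv ed25519.PrivateKey, source, payload string) Attestation {
	return Attestation{Source: source, Payload: []byte(payload), Sig: ed25519.Sign(priv, []byte(payload))}
}

// buildScenario constructs the situation from the report: Chains provenance
// under the .att tag signed with key A, and a VSA attached as an OCI referrer
// signed with an unrelated key B.
func buildScenario() (keyA, keyB ed25519.PublicKey, img Image, err error) {
	pubA, privA, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, Image{}, err
	}
	pubB, privB, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, Image{}, err
	}
	img = Image{
		Referrers: []Attestation{sign(privB, "referrer", `{"predicateType":"vsa"}`)},
		TagAtts:   []Attestation{sign(privA, "tag", `{"predicateType":"slsa-provenance"}`)},
	}
	return pubA, pubB, img, nil
}

func main() {
	keyA, _, img, err := buildScenario()
	if err != nil {
		panic(err)
	}
	_, err = verifyExclusive(keyA, img)
	fmt.Println("exclusive path with key A:", err)
	ok, err := verifyWithFallback(keyA, img)
	if err != nil {
		fmt.Println("fallback path with key A:", err)
		return
	}
	fmt.Println("fallback path with key A: verified", len(ok), "attestation from", ok[0].Source)
}
```

Run with `go run .`: the exclusive path reports "no matching attestations" under key A because only the key-B referrer was examined, while the fallback path verifies the single tag-based attestation. Note the fallback still only succeeds for the key that actually signed the provenance; it does not weaken verification, it just stops an unrelated referrer from masking the attestation the policy is meant to check.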

Labels: bug (Something isn't working), triage