VerifyImageAttestations has no OCI 1.1 referrer discovery path #4708

@rdsharma

Description

Summary

VerifyImageAttestations in pkg/cosign/verify.go has no code path to discover attestations stored via the OCI 1.1 Referrers API. Unlike VerifyImageSignatures (which checks co.ExperimentalOCI11 at line 619 and calls verifyImageSignaturesExperimentalOCI), the attestation verification always falls through to tag-based .att suffix lookup.

This means attestations pushed via WriteAttestationsReferrer (the Referrers API path) cannot be verified by cosign verify-attestation --experimental-oci11.

Details

VerifyImageSignatures (works)

// verify.go line 619
if co.ExperimentalOCI11 {
    return verifyImageSignaturesExperimentalOCI(ctx, signedImageRef, co)
}

VerifyImageAttestations (missing)

// verify.go line 1024 — no ExperimentalOCI11 check
// Always goes to tag-based ociremote.AttestationTag (line 1044)

The --experimental-oci11 flag is parsed by the CLI (verify-attestation command) but is never propagated to the verification logic for attestations. It is effectively dead code in the attestation path.

Downstream Impact

Kyverno's verifyImages with attestations calls cosign's VerifyImageAttestations under the hood, so it inherits this limitation. Policy engines cannot verify referrer-based DSSE attestations until this is addressed.

Similarly, cosign download attestation has no referrer support — it only checks bundles and tag-based (.att) storage.

Expected Behavior

VerifyImageAttestations should have an ExperimentalOCI11 code path (analogous to the one in VerifyImageSignatures) that:

  1. Queries the OCI Referrers API for attestation manifests matching the subject digest
  2. Fetches and verifies each attestation layer using the same verification logic

cosign download attestation should also support --experimental-oci11 or COSIGN_REGISTRY_REFERRERS_MODE=oci-1-1.

Discovered During

End-to-end testing of a container signing pipeline using OCI 1.1 referrers for DSSE attestation storage. After fixing #4707 (per-layer annotations preserved), attestations are correctly pushed but cannot be verified.
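The referrer-based discovery path described under Expected Behavior, modelled offline in Go as an added example (this is not cosign's code and not part of the issue). A constructed in-memory registry stands in for the OCI 1.1 Referrers API; the attestation artifactType constant and the pushAttestation/discoverAndVerify names are assumptions; DSSE envelopes are signed and checked with ECDSA P-256 ASN.1 signatures over the DSSE pre-authentication encoding. It also includes the check a verifier should perform on each discovered referrer: the fetched manifest's own subject digest must equal the image digest, not just the entry in the referrers list.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

const attArtifactType = "application/vnd.dev.cosign.artifact.att.v1+json" // assumed; not cosign's constant

type descriptor struct { // minimal OCI 1.1 descriptor subset
	Digest       string `json:"digest"`
	ArtifactType string `json:"artifactType,omitempty"`
}
type manifest struct { // minimal OCI 1.1 image manifest subset
	Subject descriptor   `json:"subject"`
	Layers  []descriptor `json:"layers"`
}
type envelope struct { // DSSE envelope
	PayloadType string                              `json:"payloadType"`
	Payload     string                              `json:"payload"`
	Signatures  []struct{ Sig string `json:"sig"` } `json:"signatures"`
}

// fakeRegistry is an offline stand-in: blobs by digest plus the per-subject referrers list.
type fakeRegistry struct {
	blobs     map[string][]byte
	referrers map[string][]descriptor
}

func newRegistry() *fakeRegistry { return &fakeRegistry{map[string][]byte{}, map[string][]descriptor{}} }
func digestOf(b []byte) string   { return fmt.Sprintf("sha256:%x", sha256.Sum256(b)) }
func (r *fakeRegistry) put(b []byte) string { r.blobs[digestOf(b)] = b; return digestOf(b) }

func pae(payloadType string, payload []byte) []byte { // DSSE pre-authentication encoding (the signed bytes)
	return []byte(fmt.Sprintf("DSSEv1 %d %s %d %s", len(payloadType), payloadType, len(payload), payload))
}

// pushAttestation mimics the write side: sign, store the envelope as a layer of a manifest
// whose subject is the image, and list that manifest as a referrer of the image.
func pushAttestation(r *fakeRegistry, subject string, statement []byte, priv *ecdsa.PrivateKey) error {
	const pt = "application/vnd.in-toto+json"
	h := sha256.Sum256(pae(pt, statement))
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		return err
	}
	env, _ := json.Marshal(map[string]interface{}{"payloadType": pt,
		"payload":    base64.StdEncoding.EncodeToString(statement),
		"signatures": []map[string]string{{"sig": base64.StdEncoding.EncodeToString(sig)}}})
	m, _ := json.Marshal(manifest{Subject: descriptor{Digest: subject}, Layers: []descriptor{{Digest: r.put(env)}}})
	r.referrers[subject] = append(r.referrers[subject], descriptor{Digest: r.put(m), ArtifactType: attArtifactType})
	return nil
}

// discoverAndVerify is the read side the issue asks for: list the subject's referrers, keep
// attestation manifests whose own subject matches, verify each layer as a DSSE envelope.
func discoverAndVerify(r *fakeRegistry, subject string, pub *ecdsa.PublicKey) ([][]byte, error) {
	var payloads [][]byte
	for _, ref := range r.referrers[subject] {
		if ref.ArtifactType != attArtifactType {
			continue // e.g. signature or SBOM referrers of the same image
		}
		var m manifest
		if err := json.Unmarshal(r.blobs[ref.Digest], &m); err != nil {
			return nil, err
		}
		// Defense in depth: trust the manifest's own subject, not only the referrers list.
		if m.Subject.Digest != subject {
			return nil, fmt.Errorf("referrer %s does not point at %s", ref.Digest, subject)
		}
		for _, l := range m.Layers {
			var env envelope
			if err := json.Unmarshal(r.blobs[l.Digest], &env); err != nil {
				return nil, err
			}
			payload, perr := base64.StdEncoding.DecodeString(env.Payload)
			h, ok := sha256.Sum256(pae(env.PayloadType, payload)), false
			for _, s := range env.Signatures { // any one valid signature is enough here
				sig, serr := base64.StdEncoding.DecodeString(s.Sig)
				ok = ok || (perr == nil && serr == nil && ecdsa.VerifyASN1(pub, h[:], sig))
			}
			if !ok {
				return nil, fmt.Errorf("layer %s: malformed envelope or no signature verifies", l.Digest)
			}
			payloads = append(payloads, payload)
		}
	}
	return payloads, nil
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	r, img := newRegistry(), digestOf([]byte("constructed image manifest")) // stand-in image digest
	fmt.Println(pushAttestation(r, img, []byte(`{"_type":"https://in-toto.io/Statement/v1"}`), priv))
	fmt.Println(discoverAndVerify(r, img, &priv.PublicKey))
}
```

Against a real registry the referrers list would come from the Referrers API (or its tag-schema fallback) and the public key from the verifier's configured key or certificate; both are left out here so the block runs offline. The subject re-check matters because the referrers list is served by the registry, and an entry there is not by itself proof that the manifest it names was written for this image.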
