NVIDIA is dedicated to the security and trust of our software products and services, including all source code repositories.
Please do not report security vulnerabilities through GitHub.
To report a potential security vulnerability in any NVIDIA product:
- Web: Security Vulnerability Submission Form
- Email: [email protected]
- Use NVIDIA PGP Key for secure communication
Include in your report:
- Product/Driver name and version
- Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
- Steps to reproduce
- Proof-of-concept or exploit code
- Potential impact and exploitation method
NVIDIA offers acknowledgement for externally reported security issues under our coordinated vulnerability disclosure policy. Visit PSIRT Policies for details.
For all security-related concerns: https://www.nvidia.com/en-us/security
Eidos (Eidos) provides supply chain security artifacts for all container images:
- SBOM Attestation: Complete inventory of packages, libraries, and components in SPDX format
- SLSA Build Provenance: Verifiable build information (how and where images were created)
All container images published from tagged releases include multiple layers of attestations, providing comprehensive supply chain security:
- Build Provenance – SLSA attestations signed using GitHub's OIDC identity
- SBOM Attestations – SPDX v2.3 JSON format signed with Cosign
- Binary SBOMs – SPDX v2.3 JSON format embedded in CLI binaries via GoReleaser
Build Provenance (SLSA)
- Complete record of the build environment, tools, and process
- Source repository URL and exact commit SHA
- GitHub Actions workflow that produced the artifact
- Build parameters and environment variables
- Cryptographically signed using Sigstore keyless signing
- SLSA Build Level 3 compliant
SBOM Attestations
- Complete inventory of packages, libraries, and dependencies
- SPDX v2.3 JSON format (industry standard)
- Attached to container images as attestations
- Signed with Cosign using keyless signing (Fulcio + Rekor)
- Enables vulnerability scanning and license compliance
Setup - Get Latest Release Tag and Resolve Digest:
# Get the latest release tag
export TAG=$(curl -s https://api.github.com/repos/NVIDIA/eidos/releases/latest | jq -r '.tag_name')
echo "Using tag: $TAG"
# Resolve tag to immutable digest (requires crane or docker)
export IMAGE="ghcr.io/nvidia/eidos"
export DIGEST=$(crane digest "${IMAGE}:${TAG}" 2>/dev/null || docker inspect "${IMAGE}:${TAG}" --format='{{index .RepoDigests 0}}' | cut -d'@' -f2)
echo "Resolved digest: $DIGEST"
# Use digest for verification (recommended - immutable reference)
export IMAGE_DIGEST="${IMAGE}@${DIGEST}"Why use digests? Tags are mutable and can be changed to point to different images. Digests are immutable SHA256 hashes that uniquely identify an image, providing stronger security guarantees.
Method 1: GitHub CLI (Recommended)
# Verify using digest (preferred - no warnings)
gh attestation verify oci://${IMAGE_DIGEST} --owner nvidia
# Verify the eidosd image
export IMAGE_API="ghcr.io/nvidia/eidosd"
export DIGEST_API=$(crane digest "${IMAGE_API}:${TAG}")
gh attestation verify oci://${IMAGE_API}@${DIGEST_API} --owner nvidia
# Note: You can still use tags, but tools may show warnings about mutability
# gh attestation verify oci://ghcr.io/nvidia/eidos:${TAG} --owner nvidiaMethod 2: Cosign (SBOM Attestations)
# Verify SBOM attestation using digest (preferred - avoids warnings)
cosign verify-attestation \
--type spdxjson \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp 'https://github.com/NVIDIA/eidos/.github/workflows/.*' \
${IMAGE_DIGEST}
# Extract and view SBOM
cosign verify-attestation \
--type spdxjson \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp 'https://github.com/NVIDIA/eidos/.github/workflows/.*' \
${IMAGE_DIGEST} | jq -r '.payload' | base64 -d | jq '.predicate'Method 3: Policy Enforcement (Kubernetes)
See In-Cluster Verification section below for automated admission policies.
Build Provenance Contains:
- Build trigger (tag push event)
- Builder identity (GitHub Actions runner)
- Source repository and commit SHA
- Build workflow path and run ID
- Build parameters and environment
- Dependencies used during build
- Timestamp and build duration
SBOM Contains:
- All Go module dependencies with versions
- Transitive dependencies (full dependency tree)
- Package licenses (SPDX identifiers)
- Package URLs (purl) for each component
- Container base image layers
- System packages from base image
For more information:
Export variables for the image you want to verify:
# Get latest release tag
export TAG=$(curl -s https://api.github.com/repos/NVIDIA/eidos/releases/latest | jq -r '.tag_name')
export IMAGE="ghcr.io/nvidia/eidos"
export IMAGE_TAG="$IMAGE:$TAG"
# Get digest for the tag (requires crane or docker)
export DIGEST=$(crane digest "$IMAGE_TAG" 2>/dev/null || docker inspect "$IMAGE_TAG" --format='{{index .RepoDigests 0}}' | cut -d'@' -f2)
export IMAGE_DIGEST="$IMAGE@$DIGEST"
export IMAGE_SBOM="$IMAGE:sha256-$(echo "$DIGEST" | cut -d: -f2).sbom"Authentication (if needed):
docker login ghcr.ioEidos provides SBOMs in SPDX v2.3 JSON format for comprehensive supply chain visibility:
- Binary SBOMs – Embedded in CLI binaries (SPDX v2.3 JSON)
- Container Image SBOMs – Attached as attestations (SPDX v2.3 JSON)
Generated by GoReleaser during release builds, embedded directly in binaries.
Access Binary SBOM:
# Get latest release tag
export TAG=$(curl -s https://api.github.com/repos/NVIDIA/eidos/releases/latest | jq -r '.tag_name')
export VERSION=${TAG#v} # Remove 'v' prefix for filenames
# Detect OS and architecture
export OS=$(uname -s | tr '[:upper:]' '[:lower:]')
export ARCH=$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')
# Download binary from GitHub releases
curl -LO https://github.com/NVIDIA/eidos/releases/download/${TAG}/eidos_${TAG}_${OS}_${ARCH}
chmod +x eidos_${TAG}_${OS}_${ARCH}
# Download SBOM (separate file)
curl -LO https://github.com/NVIDIA/eidos/releases/download/${TAG}/eidos_${VERSION}_${OS}_${ARCH}.sbom.json
# View SBOM
cat eidos_${VERSION}_${OS}_${ARCH}.sbom.jsonBinary SBOM Format (SPDX v2.3):
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "eidos",
"documentNamespace": "https://anchore.com/syft/file/eidos-610e106b-2614-434c-bfe6-941863de47ff",
"creationInfo": {
"licenseListVersion": "3.27",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-1.38.2"
],
"created": "2026-01-01T16:52:12Z"
},
"packages": [
{
"name": "github.com/NVIDIA/eidos",
"SPDXID": "SPDXRef-Package-go-module-github.com-NVIDIA-eidos-f06a66ba03567417",
"versionInfo": "v0.8.12", // Example version - actual version varies by release
"supplier": "NOASSERTION",
"downloadLocation": "NOASSERTION",
"filesAnalyzed": false,
"sourceInfo": "acquired package info from go module information: /eidos",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"externalRefs": [
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:NVIDIA:eidos:v0.8.12:*:*:*:*:*:*:*" // Example CPE
},
{
"referenceCategory": "SECURITY",
"referenceType": "cpe23Type",
"referenceLocator": "cpe:2.3:a:NVIDIA:cloud_native_stack:v0.8.12:*:*:*:*:*:*:*" // Example CPE
},
{
"referenceCategory": "PACKAGE-MANAGER",
"referenceType": "purl",
"referenceLocator": "pkg:golang/github.com/NVIDIA/[email protected]" // Example purl
}
]
},Generated by Syft/Anchore, attached as Cosign attestations in SPDX v2.3 JSON format.
Extract SBOM from Container Image:
# Get latest release tag and resolve digest
export TAG=$(curl -s https://api.github.com/repos/NVIDIA/eidos/releases/latest | jq -r '.tag_name')
export IMAGE="ghcr.io/nvidia/eidosd"
export DIGEST=$(crane digest "${IMAGE}:${TAG}")
export IMAGE_DIGEST="${IMAGE}@${DIGEST}"
# Method 1: Using Cosign (extracts attestation) - uses digest to avoid warnings
cosign verify-attestation \
--type spdxjson \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity-regexp 'https://github.com/NVIDIA/eidos/.github/workflows/.*' \
${IMAGE_DIGEST} | \
jq -r '.payload' | base64 -d | jq '.predicate' > sbom.json
# Method 2: Using GitHub CLI (shows all attestations)
gh attestation verify oci://${IMAGE_DIGEST} --owner nvidia --format jsonContainer SBOM Format (SPDX v2.3 JSON):
{
"spdxVersion": "SPDX-2.3",
"dataLicense": "CC0-1.0",
"SPDXID": "SPDXRef-DOCUMENT",
"name": "eidos",
"documentNamespace": "https://anchore.com/syft/file/eidos-610e106b-2614-434c-bfe6-941863de47ff",
"creationInfo": {
"licenseListVersion": "3.27",
"creators": [
"Organization: Anchore, Inc",
"Tool: syft-1.38.2"
],
"created": "2026-01-01T16:52:12Z"
},
"packages": [
{
"name": "github.com/NVIDIA/eidos",
"SPDXID": "SPDXRef-Package-go-module-github.com-NVIDIA-eidos-f06a66ba03567417",
"versionInfo": "v0.8.12", // Example version - actual version varies by release
...SBOM Use Cases:
-
Vulnerability Scanning – Feed SBOM to Grype, Trivy, or Snyk
grype sbom:./sbom.json
-
License Compliance – Analyze licensing obligations
jq -r '.packages[] | select(.licenseDeclared != "NOASSERTION") | "\(.name) \(.versionInfo) \(.licenseDeclared)"' sbom.json -
Dependency Tracking – Monitor for supply chain risks
jq '.packages[] | select(.name | contains("vulnerable-lib"))' sbom.json -
Audit Trail – Maintain records for compliance
# SBOM timestamp proves when components were included jq '.creationInfo.created' sbom.json
SLSA (Supply chain Levels for Software Artifacts) provides verifiable information about how images were built. Eidos achieves SLSA Build Level 3 through GitHub Actions OIDC integration.
SLSA is a security framework that protects against supply chain attacks by ensuring:
- Source integrity – Code comes from expected repository
- Build integrity – Build process is secure and reproducible
- Provenance – Complete record of how artifacts were created
- Auditability – Cryptographically signed evidence
- Build as Code – GitHub Actions workflows define reproducible builds
- Provenance Available – Attestations generated for all releases
- Provenance Authenticated – Signed using Sigstore keyless signing
- Service Generated – GitHub Actions generates provenance (not self-asserted)
- Non-falsifiable – Strong authentication of identity (OIDC)
- Dependencies Complete – Full dependency graph in SBOM
Method 1: GitHub CLI
# Get latest release tag and resolve digest
export TAG=$(curl -s https://api.github.com/repos/NVIDIA/eidos/releases/latest | jq -r '.tag_name')
export IMAGE="ghcr.io/nvidia/eidos"
export DIGEST=$(crane digest "${IMAGE}:${TAG}")
export IMAGE_DIGEST="${IMAGE}@${DIGEST}"
# Verify provenance exists and is valid (using digest)
gh attestation verify oci://${IMAGE_DIGEST} --owner nvidia
# Output shows:
# ✓ Verification succeeded!
#
# Attestations:
# • Build provenance (SLSA v1.0)
# • SBOM (SPDX)Method 2: Extract and Inspect Provenance
# Get full provenance data (using digest)
gh attestation verify oci://${IMAGE_DIGEST} \
--owner nvidia \
--format json | jq '.[] | select(.verificationResult.statement.predicateType | contains("slsa"))'
# Key fields in provenance:
# - buildDefinition.buildType: GitHub Actions workflow type
# - runDetails.builder.id: Workflow file and commit
# - buildDefinition.externalParameters.workflow: Workflow path and ref
# - buildDefinition.resolvedDependencies: Source code commit SHA
# - runDetails.metadata.invocationId: GitHub run IDExample Provenance Data:
...
"verificationResult": {
"mediaType": "application/vnd.dev.sigstore.verificationresult+json;version=0.1",
"signature": {
"certificate": {
"certificateIssuer": "CN=sigstore-intermediate,O=sigstore.dev",
"subjectAlternativeName": "https://github.com/NVIDIA/eidos/.github/workflows/on-tag.yaml@refs/tags/v0.8.12",
"issuer": "https://token.actions.githubusercontent.com",
"githubWorkflowTrigger": "push",
"githubWorkflowSHA": "ba6cbbe8b1a8fc8b72bb18454c10a3ba31d94a2e",
"githubWorkflowName": "on_tag",
"githubWorkflowRepository": "NVIDIA/eidos",
"githubWorkflowRef": "refs/tags/v0.8.12",
"buildSignerURI": "https://github.com/NVIDIA/eidos/.github/workflows/on-tag.yaml@refs/tags/v0.8.12",
"buildSignerDigest": "ba6cbbe8b1a8fc8b72bb18454c10a3ba31d94a2e",
"runnerEnvironment": "github-hosted",
"sourceRepositoryURI": "https://github.com/NVIDIA/eidos",
"sourceRepositoryDigest": "ba6cbbe8b1a8fc8b72bb18454c10a3ba31d94a2e",
"sourceRepositoryRef": "refs/tags/v0.8.12",
"sourceRepositoryIdentifier": "1095163471",
"sourceRepositoryOwnerURI": "https://github.com/NVIDIA",
"sourceRepositoryOwnerIdentifier": "1728152",
"buildConfigURI": "https://github.com/NVIDIA/eidos/.github/workflows/on-tag.yaml@refs/tags/v0.8.12",
"buildConfigDigest": "ba6cbbe8b1a8fc8b72bb18454c10a3ba31d94a2e",
"buildTrigger": "push",
"runInvocationURI": "https://github.com/NVIDIA/eidos/actions/runs/20642050863/attempts/1",
"sourceRepositoryVisibilityAtSigning": "public"
}
},
...Enforce provenance verification at deployment time using Kubernetes admission controllers.
Option 1: Sigstore Policy Controller
# Install Policy Controller
kubectl apply -f https://github.com/sigstore/policy-controller/releases/download/v0.10.0/release.yaml
# Create ClusterImagePolicy to enforce provenance
cat <<EOF | kubectl apply -f -
apiVersion: policy.sigstore.dev/v1beta1
kind: ClusterImagePolicy
metadata:
name: eidos-images-require-attestation
spec:
images:
- glob: "ghcr.io/nvidia/eidos*"
authorities:
- keyless:
url: https://fulcio.sigstore.dev
identities:
- issuerRegExp: ".*\.github\.com.*"
subjectRegExp: "https://github.com/NVIDIA/eidos/.*"
attestations:
- name: build-provenance
predicateType: https://slsa.dev/provenance/v1
policy:
type: cue
data: |
predicate: buildDefinition: buildType: "https://actions.github.io/buildtypes/workflow/v1"
EOFOption 2: Kyverno Policy
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: verify-eidos-attestations
spec:
validationFailureAction: Enforce
rules:
- name: verify-attestation
match:
any:
- resources:
kinds:
- Pod
verifyImages:
- imageReferences:
- "ghcr.io/nvidia/eidos*"
attestations:
- predicateType: https://slsa.dev/provenance/v1
attestors:
- entries:
- keyless:
issuer: https://token.actions.githubusercontent.com
subject: https://github.com/NVIDIA/eidos/.github/workflows/*Test Policy Enforcement:
# Get latest release tag
export TAG=$(curl -s https://api.github.com/repos/NVIDIA/eidos/releases/latest | jq -r '.tag_name')
# This should succeed (image with valid attestation)
kubectl run test-valid --image=ghcr.io/nvidia/eidos:${TAG}
# This should fail (unsigned image)
kubectl run test-invalid --image=nginx:latest
# Error: image verification failed: no matching attestations foundAll Eidos releases are built using GitHub Actions with full transparency:
- Source Code – Public GitHub repository
- Build Workflow –
.github/workflows/on-tag.yaml(version controlled) - Build Logs – Public GitHub Actions run logs
- Attestations – Signed and stored in public transparency log (Rekor)
- Artifacts – Published to GitHub Releases and GHCR
View Build History:
# List all releases with attestations
gh api repos/NVIDIA/eidos/releases | \
jq -r '.[] | "\(.tag_name): \(.html_url)"'
# View specific build logs
gh run list --repo NVIDIA/eidos --workflow=on-tag.yaml
gh run view 20642050863 --repo NVIDIA/eidos --logVerify in Transparency Log (Rekor):
# Search Rekor for attestations
rekor-cli search --artifact ghcr.io/nvidia/eidos:v0.8.12
# Get entry details
rekor-cli get --uuid <entry-uuid>For more information: