Verifying Images
Akuity continuously scans its published images for known vulnerabilities (CVEs) and publishes the results of that triage as OpenVEX assessments. VEX ("Vulnerability Exploitability eXchange") records, for each CVE a scanner might flag, whether the image is actually affected — and when it is not, why (for example, the vulnerable code is present in a bundled OS library but is never reachable in an execute path). Folding these assessments into your own scans drops the false positives Akuity has already triaged.
The assessments are attached to each image digest as a signed cosign attestation (keyless, via Sigstore / GitHub OIDC), so they travel with the image — there is no extra endpoint to configure, and the signature proves Akuity authored the assessment for exactly the image you are running. They cover the publicly available Akuity images you run in your own clusters, on both Akuity Cloud and self-hosted:
quay.io/akuity/agent — the Akuity agent
quay.io/akuity/argocd — Akuity's Argo CD build
ghcr.io/akuity/kargo — Kargo
Apply the assessments with Grype
Verify and extract the attestation, then pass it to Grype with --vex. Verifying first means you only apply assessments whose Akuity signature checks out:
IMAGE=quay.io/akuity/agent:<version> # or quay.io/akuity/argocd, ghcr.io/akuity/kargo
# Verify Akuity's signature and extract the OpenVEX document in one step.
# A digest may carry more than one attestation (assessments are appended as
# dispositions change), so take the most recent by timestamp.
cosign verify-attestation --type openvex \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity https://github.com/akuityio/cve-triage/.github/workflows/attest-vex.yml@refs/heads/main \
"$IMAGE" \
| jq -s 'map(.payload | @base64d | fromjson | .predicate) | max_by(.timestamp)' > akuity-vex.json
# Scan, applying the assessments. CVEs Akuity has marked not_affected are
# suppressed (Grype lists them under its ignored set with vex-status
# not_affected) and annotated with the justification.
grype "$IMAGE" --vex akuity-vex.json
A CVE is suppressed only when Akuity has dispositioned it and your scanner still reports it — assessments are added as CVEs are triaged, so a freshly built image may surface findings that are not yet dispositioned.
Verify provenance only
To simply confirm that an image carries an authentic Akuity assessment (for example, as a release gate), run the verify-attestation step on its own; it exits non-zero if the signature or signer identity does not match:
cosign verify-attestation --type openvex \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity https://github.com/akuityio/cve-triage/.github/workflows/attest-vex.yml@refs/heads/main \
quay.io/akuity/argocd:<version>
Akuity attaches an assessment to the latest patch of each supported release line. An assessment pertains to that specific digest; older patches keep the assessment they received while they were current. Suppression is keyed to the exact package versions present in the image, so an assessment authored for one patch will not mis-apply to an image built from different package versions.
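The following is an added example, not code from Akuity, Grype or cosign. It models, in a simplified form, how a scanner applies the extracted OpenVEX document: a finding is suppressed only when a not_affected statement names the same CVE, the same image product and (when subcomponents are listed) the exact package purl including its version, which is why an assessment written for one patch cannot mis-apply to an image built from different package versions. The OpenVEX document, image purl, CVE ids and package versions are constructed placeholders, and Grype's real matching rules are broader than the three checks shown here.

```python
"""Apply OpenVEX not_affected statements to scanner findings (simplified model).

Constructed example: the VEX document below stands in for the extracted
akuity-vex.json, and every digest, CVE id and package version is a placeholder.
"""
import json
from dataclasses import dataclass

# Placeholder image purl; a real one carries the image digest as its version.
IMAGE_PURL = "pkg:oci/agent@sha256%3APLACEHOLDERDIGEST"

VEX_DOC = json.loads("""
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.invalid/vex/PLACEHOLDER",
  "author": "placeholder author",
  "timestamp": "2024-01-01T00:00:00Z",
  "version": 1,
  "statements": [
    {
      "vulnerability": {"name": "CVE-0000-0001"},
      "products": [{
        "@id": "pkg:oci/agent@sha256%3APLACEHOLDERDIGEST",
        "subcomponents": [{"@id": "pkg:deb/debian/libexample@1.2.3-1"}]
      }],
      "status": "not_affected",
      "justification": "vulnerable_code_not_in_execute_path"
    }
  ]
}
""")


@dataclass(frozen=True)
class Finding:
    """One scanner result: the CVE and the purl of the package it was found in."""
    cve: str
    package_purl: str  # includes the exact package version


def latest_document(docs):
    """Select the most recent predicate when a digest carries several attestations
    (the same choice the jq max_by(.timestamp) step makes)."""
    return max(docs, key=lambda d: d["timestamp"])


def apply_vex(findings, vex_doc, image_purl):
    """Split findings into (kept, suppressed).

    suppressed maps each Finding to the justification the VEX statement gives.
    A finding is suppressed only if a not_affected statement matches its CVE,
    the image product, and the package purl exactly (version included).
    """
    kept, suppressed = [], {}
    for finding in findings:
        reason = None
        for statement in vex_doc["statements"]:
            if statement.get("status") != "not_affected":
                continue
            if statement["vulnerability"]["name"] != finding.cve:
                continue
            for product in statement["products"]:
                if product["@id"] != image_purl:
                    continue
                subs = [s["@id"] for s in product.get("subcomponents", [])]
                # Exact purl match: a statement about libexample 1.2.3-1 must not
                # silence the same CVE reported against libexample 1.2.4-1.
                if not subs or finding.package_purl in subs:
                    reason = statement.get("justification", "not_affected")
        if reason is None:
            kept.append(finding)
        else:
            suppressed[finding] = reason
    return kept, suppressed


# Constructed findings, as a scanner might report them for the image above.
FINDINGS = [
    Finding("CVE-0000-0001", "pkg:deb/debian/libexample@1.2.3-1"),  # dispositioned
    Finding("CVE-0000-0001", "pkg:deb/debian/libexample@1.2.4-1"),  # other version
    Finding("CVE-0000-0002", "pkg:golang/example.invalid/mod@v0.1.0"),  # not triaged
]


def demo():
    """Run the matcher over the constructed findings and return (kept, suppressed)."""
    return apply_vex(FINDINGS, VEX_DOC, IMAGE_PURL)


if __name__ == "__main__":
    kept, suppressed = demo()
    for finding, why in suppressed.items():
        print(f"ignored  {finding.cve} {finding.package_purl} ({why})")
    for finding in kept:
        print(f"reported {finding.cve} {finding.package_purl}")
```

Only the first finding is suppressed: the second shares the CVE but carries a different package version, and the third has no statement at all, so both still appear in the scan output, matching the behaviour described for images whose findings are not yet dispositioned.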
The attestation is signed by Akuity's vulnerability-triage workflow, a distinct identity from the workflow that builds and signs each release image.