Security & Scanning

How Archipelag.io keeps the Cargo Registry safe

Security & Scanning

Archipelag.io employs multiple layers of security to protect consumers, Islands, and the platform. This page explains our security model and what happens when you submit or run a Cargo.

Security Philosophy

Trust is earned, not granted. Every Cargo starts with maximum restrictions and earns capabilities through verification and track record.

Our security model assumes:

Consumers don’t trust Islands (data isolation)
Islands don’t trust consumer code (sandboxing)
Nobody trusts unverified Cargos (scanning + signing)

Automated Security Scanning

Every Cargo submission undergoes automated security scanning before publication.

What We Scan

Container Images

Operating system packages
Language dependencies (npm, pip, cargo, etc.)
System libraries
Configuration files

Vulnerabilities Checked

CVE database (National Vulnerability Database)
GitHub Security Advisories
Language-specific vulnerability databases
Known malware signatures

Scanning Tools

We use industry-standard scanners:

Tool	Purpose
Trivy	Primary vulnerability scanner
Grype	Secondary scanner for cross-validation
Syft	SBOM (Software Bill of Materials) generation

Dual-Scanner Approach

Using two independent scanners reduces the chance of missing vulnerabilities. A finding from either scanner triggers review.

Scan Results

After scanning, Cargos receive a vulnerability report:

Severity	Description	Impact on Trust Level
Critical	Actively exploited or trivially exploitable	Blocks Level 1+
High	Serious but requires specific conditions	Max 5 for Level 1, blocks Level 2+
Medium	Moderate risk, usually requires auth	Informational
Low	Minimal risk	Informational

Viewing Scan Results

Publishers can view scan results from the Cargo dashboard:

Go to My Cargos → Select Cargo
Click Security tab
View:
- Scan date and tool version
- Vulnerability counts by severity
- Individual CVE details with remediation advice
- SBOM download link

Users can view a summary by clicking the trust badge on any Cargo.

Software Bill of Materials (SBOM)

Every scanned Cargo has an SBOM—a complete inventory of components:

What’s Included:

All packages and their versions
Dependency tree
License information
Source locations (when available)

Why It Matters:

Verify exactly what’s in a Cargo
Check license compliance
Respond quickly to new vulnerabilities

SBOMs are available in SPDX and CycloneDX formats from the Cargo’s Security tab.

Cryptographic Signing

Verified Cargos (Trust Level 2+) are cryptographically signed using Sigstore/cosign.

How Signing Works

Publisher submits Cargo
        │
        ▼
  Security scan passes
        │
        ▼
  Staff reviews Cargo
        │
        ▼
  Platform signs with cosign
        │
        ▼
  Signature stored with Cargo
        │
        ▼
  Islands verify signature before execution

What Signing Guarantees

Integrity: The Cargo hasn’t been modified since signing
Authenticity: Archipelag.io reviewed and approved this Cargo
Non-repudiation: We can prove when signing occurred

Verification by Islands

Before running a signed Cargo, Islands:

Fetch the Cargo’s signature
Verify against Archipelag.io’s public key
Confirm the image digest matches
Only then execute the Cargo

If verification fails, the job is rejected and reported.

Transparency Log

All signatures are recorded in a public transparency log (Rekor), providing an auditable record of every signed Cargo.

Build Provenance (SLSA)

For maximum supply chain security, we support SLSA (Supply-chain Levels for Software Artifacts) attestations.

What Provenance Provides

Build source: Git repository and commit SHA
Build system: How the container was built
Build inputs: All dependencies at build time
Reproducibility: Information to recreate the build

Provenance Levels

SLSA Level	Meaning
Level 1	Build process documented
Level 2	Signed build provenance
Level 3	Hardened build platform

Publishers using GitHub Actions with our workflow templates automatically achieve SLSA Level 2.

Runtime Sandboxing

Even after verification, all Cargos run in isolated sandboxes on Islands.

Sandbox Restrictions

Protection	What It Does
Container isolation	Separate filesystem, process space, users
Network restrictions	No network (Level 0-1), outbound only (Level 2+)
Resource limits	CPU, memory, and time caps
Seccomp profiles	Block dangerous system calls
Read-only filesystem	Prevent persistent modifications
No privileged operations	No Docker socket, no kernel modules

Sandbox Tiers

Tier	Trust Levels	Key Restrictions
Restricted	0	Minimal syscalls, no network, 256MB RAM
Standard	1	Default syscalls, no network, 1GB RAM
Elevated	2-3	Extended syscalls, outbound network, 8GB RAM

Islands Are Protected

Even if a malicious Cargo passed all checks, sandbox restrictions prevent it from affecting the Island or other Cargos.

Weekly Rescans

Security is ongoing. We rescan all published Cargos weekly to catch:

Newly discovered vulnerabilities in existing packages
Updated threat intelligence
Changes in vulnerability severity ratings

What Happens on Rescan

Finding	Action
New critical CVE	Automatic demotion to Level 0, publisher notified
New high CVE	Warning sent, 7 days to remediate before demotion
Medium/Low CVE	Informational notice

Publishers receive email notifications for any changes and can view details in the dashboard.

Incident Response

If a security issue is discovered in a published Cargo:

Automatic Actions

Trust level reduced to Sandbox (Level 0)
Running jobs may be terminated if actively exploited
Publisher notified via email
Audit log entry created

Emergency Suspension

For severe issues (active exploitation, malware):

Cargo immediately suspended
All Islands notified via NATS broadcast
Active jobs terminated
Publisher account flagged for review
Incident ticket created

Transparency

Security incidents affecting consumers are disclosed in our [security advisories](https://archipelag.io/security/advisories) after remediation.

For Publishers

Reducing Vulnerabilities

Use minimal base images (Alpine, distroless)
Pin dependency versions explicitly
Update dependencies regularly before submission
Remove unused packages to reduce attack surface
Use multi-stage builds to exclude build tools

Pre-Submission Scanning

Scan locally before submitting:

# Using Trivy
trivy image your-workload:latest

# Using Grype
grype your-workload:latest

Responding to Findings

If your Cargo is demoted due to vulnerabilities:

Review the scan report in your dashboard
Update affected packages
Rebuild and resubmit
Request rescan from Cargo settings

For Islands

Trust Configuration

Islands can configure trust requirements:

[security]
# Minimum trust level to accept jobs
min_trust_level = 1

# Require cryptographic signature
require_signature = false

# Trusted signing keys (Archipelag.io key included by default)
trusted_keys = ["https://archipelag.io/.well-known/cosign.pub"]

Signature Verification

Islands automatically verify signatures for Level 2+ Cargos. If verification fails:

Job is rejected
Coordinator notified
Event logged locally
No container is started

Frequently Asked Questions

How long does scanning take?

Most scans complete in 1-3 minutes. Complex images with many packages may take longer.

Can I see the full scan report?

Publishers see complete reports. Users see a summary (counts by severity) via the trust badge modal.

What if I think a scan result is wrong?

Contact security@archipelag.io with your Cargo ID and the disputed finding. We’ll review and update if appropriate.

Do you scan WASM Cargos?

Yes, WASM modules are scanned for known vulnerabilities and malicious patterns, though the tooling differs from container scanning.

How do I report a security issue?

Email security@archipelag.io or use our bug bounty program.

Next Steps

{% card(title="Trust Levels", href="/marketplace/trust-levels/") %} Understand what each trust level means.

Publishing Guide

Best practices for secure Cargo development.

{% end %}