v2.4.0

Version Pinning & Private Repositories

Every dependency is pinned to an exact version in a lock file (poetry.lock, a pip freeze requirements file, or npm-shrinkwrap.json). Version pinning prevents automatic upgrades to compromised versions, ensuring that the deployed system contains exactly the dependencies that were tested and validated. Unpinned or loosely pinned dependencies introduce non-determinism and a supply chain attack vector.

Dependencies are fetched from a private repository (JFrog Artifactory, Sonatype Nexus, or equivalent) that caches approved packages, not directly from public registries. The private repository provides two benefits: it acts as a curated supply, preventing typosquatting and dependency confusion attacks; and it ensures that packages remain available even if the public registry experiences outages or removes packages. All cached packages are scanned for known vulnerabilities (Snyk, Trivy), and packages with critical vulnerabilities are rejected.

For model artefacts sourced externally (pre-trained models from Hugging Face or similar), the revision parameter is set to a specific Git commit SHA rather than a mutable branch or tag name. The engineering team computes and records the SHA-256 content hash of each artefact at download and verifies it before use. The version pinning policy, private repository configuration, and model artefact verification process are documented in Module 9.
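As an added example, not taken from this page or from any project it names, the following Python check enforces the model artefact pinning described above: it rejects a revision that is not a full commit SHA (such as `main` or a tag) and any file whose SHA-256 differs from the hash recorded at download. The record layout, file name and commit value are constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# A pin is a full 40-hex Git commit SHA; branch names, tags and short prefixes can move or be ambiguous.
_FULL_COMMIT_SHA = re.compile(r"[0-9a-f]{40}")


def is_pinned_revision(revision: str) -> bool:
    """True only when the revision is an immutable full commit SHA."""
    return _FULL_COMMIT_SHA.fullmatch(revision.lower()) is not None


def sha256_of_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so multi-gigabyte weights are hashed without loading them into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_pinned_artifacts(record: dict, directory: Path) -> list[str]:
    """Return every reason the artefact must be rejected; an empty list means it may be used."""
    failures = []
    if not is_pinned_revision(record["revision"]):
        failures.append(f"revision {record['revision']!r} is not a full commit SHA")
    for name, expected in record["files"].items():
        path = directory / name
        if not path.is_file():
            failures.append(f"{name}: missing")
        # constant-time compare: a mismatch should not reveal how much of the hash matched
        elif not hmac.compare_digest(sha256_of_file(path), expected.lower()):
            failures.append(f"{name}: SHA-256 mismatch")
    return failures


def demo() -> tuple[list[str], list[str]]:
    """Record the hash of a constructed artefact, verify it, then tamper with it and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        directory = Path(tmp)
        weights = directory / "model.safetensors"
        weights.write_bytes(b"constructed model bytes, not real weights")
        record = {"revision": "0123456789abcdef0123456789abcdef01234567",  # constructed commit SHA
                  "files": {weights.name: sha256_of_file(weights)}}  # hash recorded at download
        clean = verify_pinned_artifacts(record, directory)
        weights.write_bytes(b"constructed model bytes, TAMPERED")
        tampered = verify_pinned_artifacts(record, directory)
    return clean, tampered
```

`demo()` returns an empty failure list for the untouched artefact and a single SHA-256 mismatch after the bytes change; the same check is what a pipeline gate would run before the model is loaded.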

Key outputs

  • Exact version pinning in lock files for all dependencies
  • Private repository caching with vulnerability scanning
  • Model artefact pinning to commit SHA with hash verification
  • Module 9 AISDP documentation

Signature Verification & Continuous Vulnerability Scanning

Sigstore cosign provides cryptographic signing for both container images and model artefacts. The provider signs the artefact at build time; the consumer verifies the signature before deployment or use. Any artefact that fails signature verification is rejected by the pipeline, and the event triggers a security alert. This prevents deployment of tampered artefacts, whether the tampering occurred in transit, in storage, or through a compromised build process.

Continuous vulnerability scanning extends beyond the CI pipeline to monitor the deployed system’s actual dependency tree. Snyk Monitor tracks the resolved versions in the production container against continuously updated vulnerability databases. A vulnerability disclosed after deployment triggers an alert within hours, closing the gap between disclosure and detection. Automated dependency monitoring tools (Dependabot, Renovate) watch the dependency manifest and can automatically open pull requests to update vulnerable dependencies.

For critical vulnerabilities (CVSS 9.0+), the remediation SLA is 24–72 hours. The automated PR from Dependabot or Renovate accelerates the response by eliminating the manual step of identifying the vulnerable package and preparing the update. The pipeline’s validation gates run on the update before it reaches production, ensuring that the fix does not introduce regressions.

Key outputs

  • Sigstore cosign signing and verification for images and model artefacts
  • Continuous vulnerability monitoring of deployed dependencies (Snyk Monitor)
  • Automated update PRs (Dependabot, Renovate) for vulnerable dependencies
  • Module 9 AISDP evidence