In many current computing systems, protected software such as container-based software is open to threat surfaces where entities in communication are not known or verified. In order to provide trust assertions as to software, some kind of attestation is performed. Often this attestation for software that executes on a given computing system involves interaction with one or more remote systems such as a cloud-based service. This external attestation increases the threat surface to the protected software.