►
From YouTube: The Road to SLSA4 – Applying the Sigstore Ecosystem in a Corporate Environment- Alex Ilgayev, Cycode
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
The Road to SLSA4 – Applying the Sigstore Ecosystem in a Corporate Environment - Alex Ilgayev, Cycode
Sigstore’s ecosystem enables signing, verifying, and protecting software artifacts in a new way. By doing so, we can confirm that the software is what it claims to be. As part of the rising concerns of software supply chain attacks, we decided to adopt the Sigstore tooling, integrate it as part of our environment to increase the integrity level of our software artifacts, and share our insights of the process. In implementing Sigstore's ecosystem, we encountered several challenges that may be common to other organizations - our artifacts run on cloud-native, self-hosted, and even on-premise environments, and we use several build services, including a self-hosted K8s cluster. During the talk, we’ll explore the following concepts: - The trade-off for self-hosting rekor/fulcio instances against using public ones’. - Implementing “keyless” commit signatures with the gitsign utility instead of standard GPG. - Developing methodology and tools to verify commit signatures. - Using spiffe/spire to give our ephemeral build workloads identities. - Utilizing OIDC tokens for keyless signatures on artifacts in various build environments. - Developing methodology and tools to verify artifacts.
A
And
in
this
talk
we'll
look
on
sixer
on
a
bit
of
a
different
angle.
We
look
at
it
from
the
corporate
perspective
in
the
past.
In
the
past
month
me
and
my
team
in
cycled
we're
looking
extensively
at
six
store,
researching
and
in
order
to
understand
how
he
would
take
it
and
and
apply
it
in
our
internal
CI
environments,
and
we
wanted
to
achieve
two
goals.
A
A
Originally
when
I
applied
for
this
talk.
I
also
wanted
to
to
talk
about
the
verification
process
and
maybe
more
thoroughly
talking
about
git
sign
and
the
issue
of
currently
adopting
Gita
incorporates.
Unfortunately,
I
don't
have
well.
I
won't
have
enough
time
to
talk
about
this
in
20-20
minutes,
so
maybe
in
the
next
talks.
B
A
A
lot
of
reverse
engineering
for
complex
pieces
of
malwares
investigating
attacks
both
for
generated
in
cyber
crime
and
apts,
and
nowadays
I
investigated
research
of
vulnerabilities
and
mitigations
for
software
supply
chain.
Part
of
cycle
cycle
is
a
cyber
security
company
that
provides
a
complete
sort
of
supply
chain
solution
for
organizations,
foreign.
A
With
all
the
great
talks
we
had
there
so
far,
but
basically
a
new
standard
for
signing
very
fine,
protecting
aspects
of
software
development
development.
It
was
a
originally.
It
was
built,
especially
a
specific
specifically
for
open
source
projects,
but
we
will
look
at
it
from
also
a
bit
of
a
different
perspective.
A
Okay,
so
what
would
be
the
motivation
for
a
for
corporate,
for
example,
our
corporate,
when
we
look
at
it
to
into
adopting
adopting
a
six-store
tooling?
So
let's
say:
let's
take
an
example.
We
have
two
main
cases
for
such
corporates.
The
first
one
is
a
using
internal
artifacts
that
are
built
in
the
CI
environments
of
the
corporate
which
are
deployed
into
the
internal
production
environment
of
the
corporate.
A
So
we
can,
it
can
be
used
to
validate
artifacts
before
deployment
by
the
corporate
itself
and
I'm,
focusing
mainly
on
the
keyless
signature.
For
example.
We
could
verify
if
we
have
like
several
personnels
that
are
authorized
to
to
sign
artifacts
because
verify
that
these
were
the
only
ones
that
were
signing
on
this
artifact
before
deployed
to
production.
A
Also,
it
can
be
also
used
to
validate
the
artifacts
before
being
used
by
the
external
clients.
They
could
be
a
clients
that,
using
this
the
components
of
of
the
packages
or
they
could
be
used
also
as
a
yeah,
also
our
clients
like
open
source
clients.
So
all
these
packages
could
be
can
you
must
be
signed
through
the
CIA
environment
of
the
corporate
and
be
verified
that
this
was
signed
specifically
by
the
corporate,
for
example,
email
address
or
someone
inside
the
inside
the
the
development
process?
A
A
sum
of
additional
benefits
could
have.
It's
also
could
satisfy
some
of
the
requirements
for
salsa,
similarly
to
the
to
the
South
Providence
Builder
that
they're
using
a
reusable
workflows
to
satisfy
non-falsified
requirements
and
achieve
the
success
of
free.
So
you
could
also
use
the
cosine,
for
example,
to
sign
additional
pieces
of
information.
A
A
A
So
the
first
one
is
record.
There
are
a
lot
of
been
talking
talking
about
a
record
here.
So
basically
it's
a
it's.
A
immutable
temper
resistant
Ledger
of
a
metadata
built
on
top
of
a
trillion
tool
by
Google.
Basically,
it's
a
it's.
A
public
infrastructure
holds
the
public
infrastructure
of
record
that
every
work
can
add
the
in
the
metadata
to
it
and
and
query
and
verify
that
query
and
verified.
A
A
To
check
whether
this
token
was
is
valid
through
some
configuration,
it
has
it
that
you
can
check
it
through
a
several
identity
providers.
It
would
be
a
GitHub
Microsoft,
Google
GitHub
actions
could
also
use
the
Dex
identity
provider,
which
is
an
open
source,
popular
identity
provider,
and,
if
polter
found
that
the
token
is
valid,
so
it
will
issue
it
will
issue
a
short-lived
certificate
according
to
the
identity
given
identity.
From
the
the
token,
so
one
of
the
important
factors
about
fulcio-
that's
it's
its
strength
is,
is
it
depends
on
the
root
CA.
A
A
Kosan
is
a
it's
basically
the
signing
tool
for
for
six
store.
It
allows
you
to
sign
artifacts
and
maybe
additional
attestation
data
and
it
stores
the
data
on
the
oci
registry
and
find
the
git
sign.
I
think
we
can
skip
that,
for
you
explain
it
way
better
than
I
do
so.
If
we
look
up
from
the
corporate
perspective,
the
using
public
instance
of
record
could
be
quite
problematic.
A
For
example,
I
used
cosine
to
sign
some
simple
image
of
mine.
It's
called
Simple
go
server
in
this.
It
was
stored
on
the
public
instance
of
record.
We
can
see
the
the
index
number.
Everyone
can
just
go
and
query
this
this.
This
entry
in
a
record
extract
the
certificate
from
it
from
the
century
and
get
my
my
email
number.
A
It
could
be
personal
copy
corporate,
and
this
could
be
quite
an
issue
for
a
corporates
specifically
when
also
looking
on
git
sign,
which
implies
on
the
way
and
a
lot
more
entries
such
that,
and
if
the
artifacts
are
private
or
the
project
as
private,
they
could
be
an
issue
to
expose
a
a
lot
of
maybe
email
numbers.
It
could
be
also
maybe
identity
of
machines
or
GitHub
action,
workflows
or
whatever.
A
Additional
issues
they
could
have
with
also
wrote
fools,
even
though
it's
not
publicly
accessible
to
everyone.
It's
still
the
demands,
the
trusting,
the
Foster
server
to
store
your
emails
and
your
certificates.
You
need
to
trust
the
research
fit
or
the
root
certificate
and
and
the
of
app
that
that
gives
you
the
short-lived
certificate.
A
It
was
maybe
raising
the
full
instance,
but
it
demands
like
maintaining
the
the
root
CA
and
private
Keys,
which
can
be
a
very
demanding
for
a
maybe
smaller
companies,
so
I,
don't
recommend
it
for
every
every
organization.
But
if
you
want
it's
possible,
so
let's
see
some
hello
world
for
a
simple
signature
using
the
salesforce.in
infrastructure.
A
A
And
finally,
when
the
signature
succeeds
succeeds
we
have
like
entry
record
that
we
we
can
query
whenever
we
want
and
we
get
our
the
identity,
the
certificate
which
contains
the
identity
which
you
that
used
that
were
used
to
sign
the
artifact.
It
also
includes
the
issuer,
which,
in
our
case,
it's
of.cycle.dev
that
issue
this
certificate.
A
Similar
procedure
also,
we
can
apply
for
a
git
sign.
We
need
also
to
Define
several
environmental
variables
that
defines
the
the
new
self-hosted
infrastructure
every
commit
we
just
log
in
through
our
Google
account,
which
is
Google
account,
and
we
we
have
this
entry,
that's
saved
on
record
that
we
can
verify
and
say
that
it
contains
the
certificate
on
the
name
of
the
one
who
made
the
commit
okay.
A
So
we
will
explore
it
to
two
scenarios
and
the
first
one
is
using
a
GitHub
code
management
with
GitHub
action.
Ci,
we'll
use
GitHub
hosted
machines
for
the
CI
and
finally,
we
will
push
the
artifact
to
a
Docker
up
and
and
for
the
second
case,
which
has
been
quite
more
complex.
We
will
manage
our
code
in
gitlab
and
use
gitlab
Runner
CI,
but
we
will
use
a
self-manage
or
manage
it
doesn't
really
matter
if
a
private
kubernetes
cluster
that
will
run
the
sci
builds
in
by
the
polling.
A
A
If
I
will
be
pushing
the
code
to
a
gitlab
I
have
like
I
managed
in
our
case
GK
cluster.
It
could
be
AKs
or
eks.
It
doesn't
matter.
There
will
be
a
managed
cluster
and
a
port
inside
the
cluster
that
will
be
polling
gitlab
for
new
job.
Whenever
the
new
job
will
received,
you
will
provision
a
new
cloud
and,
and
that
pod
will
do
the
CI
job,
including
pushing
the
image
to
Docker
hub.
A
Imagine
a
GitHub
action,
a
workflow
when
the
first
with
the
heads
two
jobs,
the
first
job
is
like
building
the
the
image
and
pushing
it
through
Docker
Hub
and
the
second
job
will
be
adding
a
signature
to
the
image
it
could
be.
It
would
be
calling
a
reusable
workflow
and
an
external
workflow
that
could
be
reused
in
also
in
several
other
builds
an
important
factor
that
it
should
be
sent
a
permission
to
a
with
ID
token
to
that
reusable
workflow.
A
This
ID
token
is
is
giving
the
reasonable
workflow
a
jaw
token
as
an
environment
variable
that
could
be
used
to
give
identity
to
the
signature
process.
We're
also
sending
a
parameter
of
the
the
image
damage
should
be
assigning
so
how
this
erasable
workflow
looks
like
first,
it
should
be
defining
several
environment
variables.
We
said
we
want
to
to
try
it
out
with
a
self-hosted
infrastructure,
so
we're
giving
it
the
right
recurrent
fulcio.
A
We
should
also
be
giving
it
the
the
root
ca
for
the
full
cell,
which
is
fetching
from
some
from
a
gcp
bucket
and
inside
the
the
workflow
itself.
It's
very
plain,
simple,
just
signing
it,
giving
it
the
right
parameters
and
giving
it
a
IDC
provider
of
GitHub
action.
Fortunately,
a
cost
time
is
supporting
GitHub
action
as
many
other
identity
providers.
So
he
knows
how
to
fetch
the
the
job
tokens
from
environmental
variable
and
use
it
to
authenticate
against
the.
B
A
A
So
when
we
finish
running,
it
will
be
succeed,
succeed
in
in
pushing
and
building
and
pushing
the
image,
and
we
receive
our
entry
in
recall
when
we
query
this
entry,
we
will
see
that
it
contains
this
certificate.
A
fullser
is
aware
of
GitHub
action.
It
knows
how
to
put
the
right
properties
in
the
certificate
it
contains
handful
of
information.
First,
the
issuer
of
GitHub
actions,
the
workflow
trigger
the
commission
and
the
workflow
name,
and
more
so
we
were
able
to
integrate,
integrate
a
sixth
part
of
our
SCI.
A
A
A
A
Github
provides
every
every
job.
This
variable
that
contains
it's
signed
by
the
by
the
gitlab
service
itself,
and
it
gives
information
about
the
the
actual
job
that's
running.
It
can
be
used
to
many
many
use
cases.
Many
use
cases
are
like
using
it
to
authenticate
against
hashico
Vault
and
additional
cases
specifically
I.
Don't
recommend
it
using
here
because
it
you
can.
You
can
regenerate
the
token
for
specific
audience,
like
you
can
in
the
other
identity
providers,
additional
solution
will
be
to
use
the
gcp
metadata
service.
I
said
we
are
using
gke.
A
A
This
can
be
a
decent
solution,
but
it
won't
be
enough
because,
because
we
won't
be
utilizing
that
we
have
a
kubernetes
cluster
and
we
have
specific
parts
that
were
doing
this
build,
so
this
solution
isn't
good
enough.
The
third
solution
would
be
to
using
a
kubernetes
identity
Service.
As
I
said,
we
have
like
a
managed
gke
cluster,
so
we
can.
We
can
ask
kubernetes
to
sign
the
token
and
use
that
token
it's
also
a
decent
solution,
but
it
demands
exposing
the
cluster
JW
cast
endpoint.
A
So
the
final
solution
that
may
be
the
most
complex
one
is
that
use
the
specific
spiral
it
could
give
us
the
best
of
both
floors,
both
using
the
kubernetes
and
the
commercial
identity,
server
and
the
gcp
member
server,
and
we
can
authenticate
nodes
using
gcp
and
authenticate
wallets.
You
workloads
using
the.
A
First,
we
need
to
create
some
specific
spiral:
infrastructure
there's,
excellent,
tutorials
and
quick
starts
for
for
that.
I
personally,
I
suggest
that
to
install
Aspire
on
on
some
in
some
different
or
different
server
than
on
the
on
the
cluster
you're
using
to
build
your
images
on,
and
you
also
installed
the
Aspire
agent
through
some
Demon
set
inside
your
kubernetes.
So
every
every
node
that
will
be
will
have
this
spiral
API
and
the
build
that
will
be
running
on
this
node
will
have
access
to
that
API.
A
Also,
the
spiral
agent
will
be
authenticating
with
the
gcp
metadata
service
and
and
a
test
as
the
agent
do,
the
being
part
of
our
gcp
project,
for
example.
So
when
I
install
these
spiral,
agents
and
I
went
to
the
Spire
server
to
see
all
the
agent
list.
I
can
see.
I
could
say
that
I
identified
the
three
nodes
I
have
in
my
cluster,
and
each
of
them
has
a
specific
spiffy
ID
a
H
this
this.
That
means
that
Aspire
agent
was
a
successfully
authenticated
against
the
gcp
service.
A
A
So
for
that
we're
creating
two,
a
new
entries
in
the
Spire
server,
the
first
we're
giving
a
spiffy
ID
of
build
node
to
every
node.
That
is
specifically
in
our
cycle.
Labs
UCP
project
we
already
attested
the
node.
So
that's
how
he
chooses
the
nodes
and
and
giving
them
the
specific
ID,
adding
additional
entry
with
for
a
workloads
that
every
workload
was
that
there
was
that
has
parent
ID
of
the
specific
build
node,
which
is
the
previously
defined
and
also
in
a
namespace.
A
A
Gitlab
doesn't
have
support
out
of
the
box
for
a
spire,
so
we
use
the
kiverno
policy
to
mount
a
the
Spire
API.
This
means
the
spiral
unit
Unix
socket
for
every
every
new
product
is
specifically
in
the
gitla
brand
or
namespace,
which
is
the
namespace
in
our
cluster
that
all
the
new
builds
will
be
created
in
so
this
kivano
policies
just
solved
this
issue
for
us
and
finally,
we
need
to
configure
the
GitHub
CI
workflow
to
get
the
SV.
A
So
this
is
how
they.
Finally
CI
file
in
gitlab,
looks
like
we
are
defining
a
batch
of
environment
variables
for
the
for
the
infrastructure,
for
we
defining
the
spiffy
endpoint
socket
and
several
six
store
variables.
All
these
variables
could
also
be
defined
through
some
caverno
policy
to
be
default.
A
So
this
is
what
the
the
CIA
use
cases
that's
some
of
the
insights
we
had
through
the
process,
the
first
regarding
cell
phones
at
fulsior,
as
I
said
it
may
become
complicated
due
to
a
management
of
the
root
CA.
It
could
be
a
continuous
to
do
it
and
propagating
the
public
fruit,
CA
and
the
certificate
transparency
look
publicly
to
the
signers
and
verifies.
A
Could
Implement
some
maintenance
work
additional
usages
for
cosine?
Could
we
also
do
some
artifactor
station,
so
we
could
use
the
the
the
architecture
we
build
right
now
you
can
use
it
also
to
sign
whether
it
will
be
provenanced,
s-bomb
or
an
ability
report
or
any
any
metadata
we
want.
It
will
be
attached
to
the
specific
artifact
and
also
some
regards
regarding
the
manage
the
kubernetes
cluster
or
any
other
environment.
So
it
can
take
quite
some
time
to
build.
A
A
So,
even
though
it
was
designed
with
open
source
in
mind,
we
wanted
to
deliver
that.
It
also
can
fit
some
organization
to
secure
their
artifact
with
whether
they
are
internally
used
or
externally
by
by
other
clients
creating
all
the
infrastructure.
All
the
infrastructure
from
scratch
is
doable,
but
it's
not
recommended
for
every
organization.