Presenters
Source
Building Trust: Beyond Basic Provenance in Your Software Supply Chain 🚀
In today’s interconnected world, the security of our software supply chain is paramount. We rely on a complex web of dependencies, tools, and build processes, and a single weak link can have devastating consequences. This is why understanding and strengthening build provenance verification is no longer a nice-to-have, but an absolute necessity. We recently had the privilege of diving deep into this critical area with John Shell, a seasoned consultant at Control Plane and an active open-source maintainer, as he shed light on the nuances of the Supply-chain Levels for Software Artifacts (Salsa) framework and, more importantly, how to go beyond its standard attestations.
The Salsa Framework: A Solid Foundation, But Not the Whole Story 🏗️
The Salsa framework provides a fantastic baseline for understanding where your software comes from and how it was built. It’s all about generating attestations – cryptographic statements about the build process. Think of it as a digital fingerprint for your software’s creation.
- The Core Idea: Salsa aims to identify vulnerabilities within the build process and provide a mechanism to verify the integrity of your software artifacts.
- The Challenge: As John Shell pointed out, even with signed Salsa build provenance, a sneaky vulnerability can slip through the cracks. The actual code being built can be compromised before the Salsa attestation is even generated.
The “Dirty Bird” Scenario: When Verified Provenance Deceives 🐦
John illustrated this with a compelling real-world example: a container image that claimed to have verified provenance, but was, in fact, built with unexpected and malicious code!
- The Deception: A container image, supposedly built with trusted Salsa attestations, was found to contain the string “It’s time to do the dirty bird” instead of the expected “print hello world”.
- The Root Cause: This chilling discrepancy often stems from untrusted build parameters and build steps. Imagine building from unofficial forks, obscure branches, or tags that aren’t what they seem. The danger intensifies when the boundaries between your build platform and the project maintainer become blurred, allowing for code modifications after the source code has been checked out.
Standard Verifications: A Good Start, But Not Enough 🧐
The presentation kicked off with a demonstration of generating Salsa provenance using GitHub Actions, showcasing both the Salsa GitHub generator and GitHub’s native attestation actions.
- Successful Attestations: Both methods successfully generated signed Salsa attestations, a positive step in verifying the build process.
- The Flaw Revealed: However, initial verification attempts highlighted
critical weaknesses:
- Verifying against a mutable tag (like
v0.0.3) proved risky and correctly identified the potential for compromise. - Verifying against the container image digest offered more robustness, confirming the builder and referencing the Salsa framework and GitHub workflow.
- Verifying against a mutable tag (like
- The Undetected Threat: Crucially, these standard verifications failed to detect the underlying code modification that led to the “dirty bird” surprise.
Introducing Witness: Seeing is Believing in the Build Process 👀
This is where the real magic happens. To combat these hidden threats, John introduced witness, an open-source tool designed to observe the build process itself.
- The Power of Observation: By wrapping your build process with witness, you capture additional attestations. This includes the precise Git commit hash and branch immediately before the build command executes.
- Detecting Discrepancies: Witness can then flag deviations. For instance,
it can alert you if the build originated from
refs/heads/dirtybirdwhen you expectedmain. This level of granular detail is a game-changer for supply chain security.
Policy Enforcement with Rego: Setting Unbreakable Rules 🛡️
Witness doesn’t just observe; it enables enforcement. By integrating with policy engines like Rego, you can define and enforce stringent build requirements.
- Defining Your Trust: A witness policy can mandate specific conditions. For
example, you can ensure that the Git attestation must originate from the
mainbranch. - Successful Verification: When these policies are met, verification becomes robust, leading to the expected “hello world” output and a secure build.
- Flexible Policies: The flexibility of Rego allows for detailed checks across various attestation types – Git, GitHub, Salsa provenance, and container images – giving you unparalleled control.
The Unpredictable Output: A Natural Defense 🎲
A fascinating point raised during the presentation is the inherent difficulty in forging the output digest of provenance within the Salsa threat model.
- The Compiler’s Mystery: Predicting the exact output of a compiler based on its inputs is incredibly complex and, for practical purposes, unpredictable. This unpredictability acts as a natural barrier against certain types of attacks.
- Community Efforts: The OpenSSF community is actively working on improving tooling and fostering interoperability for attestation management, including funding for crucial developments.
The Policy Dilemma: Trusting the Trust Mechanism ❓
A pertinent question from the audience touched upon a critical aspect: how do we validate the integrity of the policy itself?
- The Open Question: John acknowledged this as a significant challenge. While policies can be signed, ensuring their semantic correctness and scaling their management across thousands of dependencies remains an ongoing area of research and development.
- Join the Conversation: The commitment to tackling these complex supply chain security challenges is evident, with an invitation to participate in weekly Salsa specification meetings and discussions.
The Takeaway: Building a More Resilient Software Future 🌐
The presentation by John Shell was a powerful reminder that in the quest for software supply chain security, we must continuously evolve our verification strategies. While Salsa provides a vital framework, tools like witness, coupled with robust policy engines like Rego, empower us to move beyond basic attestations and build truly resilient and trustworthy software. The journey to a secure software supply chain is ongoing, and active participation in the community is key to navigating its complexities and building a safer digital future for everyone.