Understanding the Identity ofa CI Platform

November 12, 2024

12

Understanding the Identity of a CI Platform

Presented at SigstoreCon 2024

Richard Fan

November 12, 2024

More Decks by Richard Fan

See All by Richard Fan

You Don’t Need to Be a Hero to Contribute

0

6

JAWS Pankration 2024 - Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

72

Preserving privacy on data collaboration with AWS Clean Rooms

0

53

Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

170

When Data Collaboration Meets Privacy: Privacy-enhancing Technologies on AWS

0

63

AWS Security Hub Central Configuration - An Easy way to monitor your Organization security posture

0

75

Create your first AWS Nitro Enclaves application

0

74

Building Security Data Lake

0

22

Other Decks in Technology

See All in Technology

AWS Security Hub CSPMの成功・失敗体験

0

510

サイバーエージェントにおけるAI推進戦略と変革への取り組み

0

460

入門！AWS Blocks

1

180

螺旋型キャリアの生存戦略 / kinoko-conf2026

1

820

徹底討論！ECS vs EKS！

3

1.4k

MUSUBI 田中裕一『AIと共に行う「しごとのリデザイン」- スモールバックオフィス編』AI Ops Lab #4

0

310

SONiC実機とGNS3 SONiC VSによる事前コンフィグ検証 ― 生成AIエージェントを環境構築・検証支援に使ってみた ―

0

120

コミットの「なぜ」を読む

0

120

クレデンシャル流出 ― 攻撃 3 時間 vs 復旧 10 時間。この非対称性にどう備えるか

3

530

AI時代のコスト管理を考えよう〜明日から使える実践AWSノウハウ～

0

830

感情と身体を置き去りにしない、エンジニアの生きのこり方 ──いまから、ここから「自分の状態」を扱うという選択

0

310

When Platform Engineering Meets GenAI

0

170

Featured

See All Featured

SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web

0

210

コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI

62

44k

30

1.5k

Rails Girls Zürich Keynote

96

14k

Large-scale JavaScript Application Architecture

515

110k

End of SEO as We Know It (SMX Advanced Version)

3

4.2k

Dealing with People You Can't Stand - Big Design 2015

367

27k

Ruling the World: When Life Gets Gamed

0

260

Marketing to machines

1

5.5k

Being A Developer After 40

91

590k

Why Our Code Smells

PRO

340

58k

Impact Scores and Hybrid Strategies: The future of link building

tamaranovitovic

0

310

Transcript

None
Richard Fan Understanding the Identity of a CI Platform
Who am I • Security Engineer • AWS Security Hero
• Amateur hacker OSCP – but forgot how to try harder • Love travel, hiking • Have a cat
Who am I • 10 Nov, 2024 @Brian Head
(Refresher) Fulcio
(Refresher) Fulcio
Reusing other’s identity
Victim? … argo-cd
Victim? … argo-cd Pass the check!!!
Check more extension --certificate-github-workflow-repository "argoproj/argo-cd"
Extension verification support Not Supported Only for GitHub New OID
scheme • sigstore-js (Was supported, but removed) • sigstore-rs (No stable release yet) • sigstore-ruby (No stable release yet) • policy-controller (Possible with attestation) • sigstore-python (CLI) • cosign • sigstore-java (With some tricks) • sigstore-python (API) • sigstore-go (Undocumented function) NewCertificateIdentity()
No one size fit all
No one size fit all GitHub GitLab
No one size fit all If you think some mapping
is not right? Raise a PR!! https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml
How to find me [email protected] richardfan1126 @richardfan1126