Understanding the Identity ofa CI Platform

November 12, 2024

2

Understanding the Identity of a CI Platform

Presented at SigstoreCon 2024

Richard Fan

November 12, 2024

More Decks by Richard Fan

See All by Richard Fan

You Don’t Need to Be a Hero to Contribute

0

3

JAWS Pankration 2024 - Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

59

Preserving privacy on data collaboration with AWS Clean Rooms

0

52

Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

160

When Data Collaboration Meets Privacy: Privacy-enhancing Technologies on AWS

0

57

AWS Security Hub Central Configuration - An Easy way to monitor your Organization security posture

0

70

Create your first AWS Nitro Enclaves application

0

64

Building Security Data Lake

0

19

Other Decks in Technology

See All in Technology

ルールルルルル私的函館観光ガイド── 函館の街はイクラでも楽しめる！

0

200

Azure Lifecycle with Copilot CLI

3

960

「責任あるAIエージェント」こそ自社で開発しよう！

5

800

2026年に相応しい最先端プラグインホストの設計<del>と実装</del>

0

120

レビューしきれない？それは「全て人力でのレビュー」だからではないでしょうか

0

120

研究開発部メンバーの働き⽅ / Sansan R&D Profile

PRO

4

23k

Bill One 開発エンジニア紹介資料

PRO

5

18k

The Journey of Box Building

4

250

Master Dataグループ紹介資料

PRO

1

4.6k

Data Hubグループ紹介資料

PRO

0

2.9k

最近の技術系の話題で気になったもの色々（IoT系以外も） / IoTLT 花見予定会（たぶんBBQ） @都立潮風公園バーベキュー広場

PRO

1

200

Rapid Start: Faster Internet Connections, with Ruby's Help

1

110

Featured

See All Featured

Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)

1

230

Highjacked: Video Game Concept Design

PRO

1

340

The Psychology of Web Performance [Beyond Tellerrand 2023]

49

3.4k

Git: the NoSQL Database

PRO

432

67k

Raft: Consensus for Rubyists

141

7.4k

A brief & incomplete history of  UX Design for the World Wide Web: 1989–2019

1

350

How Software Deployment tools have changed in the past 20 years

0

33k

Refactoring Trust on Your Teams (GOTO; Chicago 2020)

35

3.4k

SEOcharity - Dark patterns in SEO and UX: How to avoid them and build a more ethical web

0

160

The #1 spot is gone: here's how to win anyway

tamaranovitovic

2

1k

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

287

14k

186

16k

Transcript

None
Richard Fan Understanding the Identity of a CI Platform
Who am I • Security Engineer • AWS Security Hero
• Amateur hacker OSCP – but forgot how to try harder • Love travel, hiking • Have a cat
Who am I • 10 Nov, 2024 @Brian Head
(Refresher) Fulcio
(Refresher) Fulcio
Reusing other’s identity
Victim? … argo-cd
Victim? … argo-cd Pass the check!!!
Check more extension --certificate-github-workflow-repository "argoproj/argo-cd"
Extension verification support Not Supported Only for GitHub New OID
scheme • sigstore-js (Was supported, but removed) • sigstore-rs (No stable release yet) • sigstore-ruby (No stable release yet) • policy-controller (Possible with attestation) • sigstore-python (CLI) • cosign • sigstore-java (With some tricks) • sigstore-python (API) • sigstore-go (Undocumented function) NewCertificateIdentity()
No one size fit all
No one size fit all GitHub GitLab
No one size fit all If you think some mapping
is not right? Raise a PR!! https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml
How to find me [email protected] richardfan1126 @richardfan1126