Understanding the Identity ofa CI Platform

November 12, 2024

9

Understanding the Identity of a CI Platform

Presented at SigstoreCon 2024

Richard Fan

November 12, 2024

More Decks by Richard Fan

See All by Richard Fan

You Don’t Need to Be a Hero to Contribute

0

5

JAWS Pankration 2024 - Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

70

Preserving privacy on data collaboration with AWS Clean Rooms

0

53

Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

170

When Data Collaboration Meets Privacy: Privacy-enhancing Technologies on AWS

0

62

AWS Security Hub Central Configuration - An Easy way to monitor your Organization security posture

0

75

Create your first AWS Nitro Enclaves application

0

70

Building Security Data Lake

0

22

Other Decks in Technology

See All in Technology

AI駆動開発が変える、大規模開発の前提ーHuman in the Loop から Human on the Loop へ / AIE2026

visional_engineering_and_design

2

1.5k

Chart.js が簡単に使えるようになっていたので OGP 画像生成に使った話

0

130

PHP と TypeScript の型システム比較：AI 時代の「型」は誰のためにあるのか？ #frontend_phpcon_do / frontend_phpcon_do_2026

1

240

もりもり新機能を一挙紹介！ AgentCoreに入門して、AWS上にAIエージェントを構築しよう

PRO

6

670

探して_入れて_作って_使う_Agent_Skills___LT.pdf

2

150

価格.comをAI駆動で全面刷新するー 30年分の技術的負債を返し、次の30年の土台をつくるー / AI Engineering Summit Tokyo 2026

17

17k

個人AIからチームAIへ：開発における品質と生産性の再設計

PRO

0

360

電子辞書Brainをネットに繋げてみた(自力編)

0

420

Java正規表現エンジン（NFA）の仕組みとパフォーマンスを維持するための最適化手法

takeuchi_132917

0

170

Gradle×GitHub_ActionsでCI時間を約50%短縮ジョブ分割の設計と落とし穴 / Cutting CI Time by ~50% with Gradle and GitHub Actions: Job-Splitting Design and Pitfalls

0

600

Oracle AI Database@AWS：サービス概要のご紹介

oracle4engineer

PRO

4

2.8k

OCI Oracle AI Database Services新機能アップデート(2026/03-2026/05)

oracle4engineer

PRO

0

120

Featured

See All Featured

jQuery: Nuts, Bolts and Bling

66

8.5k

Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes

2

420

Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025

1

2k

Organizational Design Perspectives: An Ontology of Organizational Design Elements

PRO

1

720

Automating Front-end Workflow

1370

210k

How To Speak Unicorn (iThemes Webinar)

1

470

Reflections from 52 weeks, 52 projects

356

21k

AI: The stuff that nobody shows you

PRO

8

680

For a Future-Friendly Web

183

10k

Keith and Marios Guide to Fast Websites

413

23k

We Have a Design System, Now What?

55

8.2k

A brief & incomplete history of  UX Design for the World Wide Web: 1989–2019

2

390

Transcript

None
Richard Fan Understanding the Identity of a CI Platform
Who am I • Security Engineer • AWS Security Hero
• Amateur hacker OSCP – but forgot how to try harder • Love travel, hiking • Have a cat
Who am I • 10 Nov, 2024 @Brian Head
(Refresher) Fulcio
(Refresher) Fulcio
Reusing other’s identity
Victim? … argo-cd
Victim? … argo-cd Pass the check!!!
Check more extension --certificate-github-workflow-repository "argoproj/argo-cd"
Extension verification support Not Supported Only for GitHub New OID
scheme • sigstore-js (Was supported, but removed) • sigstore-rs (No stable release yet) • sigstore-ruby (No stable release yet) • policy-controller (Possible with attestation) • sigstore-python (CLI) • cosign • sigstore-java (With some tricks) • sigstore-python (API) • sigstore-go (Undocumented function) NewCertificateIdentity()
No one size fit all
No one size fit all GitHub GitLab
No one size fit all If you think some mapping
is not right? Raise a PR!! https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml
How to find me [email protected] richardfan1126 @richardfan1126