Understanding the Identity ofa CI Platform

November 12, 2024

5

Understanding the Identity of a CI Platform

Presented at SigstoreCon 2024

Richard Fan

November 12, 2024

More Decks by Richard Fan

See All by Richard Fan

You Don’t Need to Be a Hero to Contribute

0

5

JAWS Pankration 2024 - Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

64

Preserving privacy on data collaboration with AWS Clean Rooms

0

53

Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions

0

160

When Data Collaboration Meets Privacy: Privacy-enhancing Technologies on AWS

0

60

AWS Security Hub Central Configuration - An Easy way to monitor your Organization security posture

0

74

Create your first AWS Nitro Enclaves application

0

68

Building Security Data Lake

0

21

Other Decks in Technology

See All in Technology

既存プロダクトQAから新規プロダクトQAへ

0

140

How to learn AWS Well-Architected with AWS BuilderCards: Security Edition

PRO

0

140

R&D 祭 2024 UE5で絵コンテ・作画の制作支援ツールをつくる話

PRO

0

170

続運用改善、不都合な真実〜物理制約のない運用改善はほとんど無価値 / 20260518-ssmjp-kaizen-no-value-without-physical-constraints

2

230

「強制アップデート」か「チームの自律」か？エンタープライズが辿り着いたプラットフォームのハイブリッド運用/cloudnative-kaigi-hybrid-platform-operations

0

200

開発サイクルのボーダーレス化に伴う組織変革から学んだこと / Organizational Transformation Amid the Borderless Development Cycle

0

110

AI対話分析の夢と、汚いデータの現実 Looker / Dataplex / Dataform で実現する品質ファーストな基盤設計

0

530

可視化から活用へ — Mesh化・Segmentation・アライメントの研究動向

gpuunite_official

0

220

Sociotechnical Architecture Reviews: Understanding Teams, not just Artefacts

1

180

SREの仕事は「壊さないこと」ではなくなった〜自律化していくシステムに、責任と判断を与えるという価値〜 / 20260515 Naoki Shimada

PRO

1

170

サイボウズ、プラットフォームエンジニアリング始めるってよ ― プラットフォームチームの事業貢献と組織アラインメントの強化

0

110

Agent の「自由」と「安全」〜未来に向けて今できること〜

0

360

Featured

See All Featured

SEO Brein meetup: CTRL+C is not how to scale international SEO

1

2.6k

Bash Introduction

615

210k

30 Presentation Tips

PRO

1

290

Leveraging Curiosity to Care for An Aging Population

1

240

The Language of Interfaces

162

26k

[RailsConf 2023 Opening Keynote] The Magic of Rails

31

10k

Conquering PDFs: document understanding beyond plain text

PRO

4

2.7k

Tips & Tricks on How to Get Your First Job In Tech

1

500

What Being in a Rock Band Can Teach Us About Real World SEO

0

230

Deep Space Network (abreviated)

0

140

Hiding What from Whom? A Critical Review of the History of Programming languages for Music

2

800

Learning to Love Humans: Emotional Interface Design

275

41k

Transcript

None
Richard Fan Understanding the Identity of a CI Platform
Who am I • Security Engineer • AWS Security Hero
• Amateur hacker OSCP – but forgot how to try harder • Love travel, hiking • Have a cat
Who am I • 10 Nov, 2024 @Brian Head
(Refresher) Fulcio
(Refresher) Fulcio
Reusing other’s identity
Victim? … argo-cd
Victim? … argo-cd Pass the check!!!
Check more extension --certificate-github-workflow-repository "argoproj/argo-cd"
Extension verification support Not Supported Only for GitHub New OID
scheme • sigstore-js (Was supported, but removed) • sigstore-rs (No stable release yet) • sigstore-ruby (No stable release yet) • policy-controller (Possible with attestation) • sigstore-python (CLI) • cosign • sigstore-java (With some tricks) • sigstore-python (API) • sigstore-go (Undocumented function) NewCertificateIdentity()
No one size fit all
No one size fit all GitHub GitLab
No one size fit all If you think some mapping
is not right? Raise a PR!! https://github.com/sigstore/fulcio/blob/main/config/identity/config.yaml
How to find me [email protected] richardfan1126 @richardfan1126