Github SLSA Provenance

[puerco]

Work in progress:

Attestation rules

[jhrozek]

@puerco I pushed a new patch into your branch (hopefully that's OK since you can just delete it if you don't like the patch). I will point out the changes in inline comments.

[jhrozek]

I think we should not change the existing type but add a new one.

[JAORMX]

I agree with this, if we want to change the signature, behavior or even deprecate the previous behavior, we should just document the deprecation and create a new rule type.

[puerco]

yes totally agree i had not gotten to that part

[jhrozek]

I was getting errors unless I made the array type a string and then enumerated the allowed values.

[jhrozek]

Note that the default has no effect on minder right now...

[jhrozek]

this filter is the most important change and one I am not sure is correct. But based on my reading of your code what you wanted was to:

• evaluate only artifacts whose predicate_type is "https://slsa.dev/provenance/v1" and the buildType is "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1" and skip the rest right?
• those that match the two conditions above must match the profile

[puerco]

Yes correct! Thank you 🙏

[jhrozek]

this should mark the rule as skipped if there are no matching artifacts (with "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1" == buildType and ""https://slsa.dev/provenance/v1" == predicate_type)

[puerco]

Oh interesting. Is skip a custom value that minder recognizes or is it just vanilla rego?

[jhrozek]

minder: https://github.com/stacklok/minder/blob/ee66f6c0763212503c898cfefb65ce1450c7f5ac/internal/engine/eval/rego/result.go#L94

[jhrozek]

note that these conditions don't handle all the parameters in the rule_schema but I wasn't sure if you only want to match those under the attestation or also those in the top-level attributes.

[JAORMX]

Do we want to match all parameters? At some point it would be good just to have minimal rules that check different aspects of the attestation. That way we'd get more relevant error messages. Similar to what we did for branch protection rules.

[jhrozek]

yes, that's why I think we should create a new rule.

[puerco]

I think we should match all that are defined if possible. But I expect these to evolve, possible to a more advanced and general SLSA rule type.

[jhrozek]

sorry, can you elaborate? Now we do match all defined as params in the ruletype did you mean all that exist in the ingestion result that we send?

[jhrozek]

here's the profile I was testing with:

# sample policy for validating artifact signatures
version: v1
type: profile
name: artifact-signature-extended
context:
  provider: github
artifact:
  - type: artifact_signature_slsa
    params:
      tags: ["latest"]
      #tags: []
      name: good-repo-go
    def:
      is_signed: true
      is_verified: true
      workflow_repository: https://github.com/jakubtestorg/good-repo-go
      workflow_ref: refs/heads/main
      event: ["workflow_dispatch"]
      runner_environment:  https://github.com/actions/runner/github-hosted
      signer_identity: .github/workflows/build-image-signed-ghat-malicious.yml
      cert_issuer: https://token.actions.githubusercontent.com # or for example - https://accounts.google.com

[jhrozek]

note: I just updated the runner_environment from simple string to a URL. I caught that when I was testing the profile for our blog post and fixed it there, but not here in the example in this PR.

[puerco]

Closing this one in favor of #106 (from a branch, not a fork)