GitTrust (GT): Enhanced S/MIME Commit Signing with Device Authentication

austinsonger/GitTrust

Inspired By: FIGMA

To proactively mitigate the risk of malicious code reaching production, GitTrust ensures that code changes merged into GitHub release branches come from trusted, company-managed devices. It does this with S/MIME signing of Git commits in an environment where devices are managed by MDM and access control is managed by Okta, so that only compliant devices can make signed commits to Git repositories.

PROJECT-WIDE TO-DO

  • Issue X.509 Okta Device Trust certificates to MacBooks from an Amazon Private Certificate Authority (CA). The certificates are distributed through MDM, renewed every 30 days, and attest that a laptop met the Endpoint Security Baseline criteria at the time they were issued.

MDM

Signing Commits with Device Trust Certificates

Verifying Signatures with AWS Lambda and GitHub Apps
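The trust chain the design relies on (private CA issues short-lived device certificates; commits carry a detached S/MIME signature; the verifier accepts only signers that chain to that CA), modelled end to end with OpenSSL's CMS tooling. This is an added example, not GitTrust's own code: the CA, device names, paths, the commit payload and the 30-day lifetime are all constructed stand-ins for Amazon Private CA, MDM and the Lambda verifier.

```shell
#!/bin/sh
# Added example (not GitTrust's own code): models the design's trust chain with
# OpenSSL CMS/S-MIME primitives. Every name, path and lifetime is an assumption.
set -eu
WORK=$(mktemp -d)

# Private CA: stand-in for the Amazon Private CA that issues device-trust certs.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Example Device Trust CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# Issue a device certificate from the CA. $1 = device name, $2 = lifetime in days
# (30 in the design: the cert attests the laptop met the baseline at issuance).
issue_device_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days "$2" -out "$WORK/$1.pem" 2>/dev/null
}

# Detached CMS (S/MIME) signature over the commit payload, as git's x509 signing does.
# $1 = payload file, $2 = signer cert, $3 = signer key, $4 = output signature
sign_commit() {
  openssl cms -sign -binary -in "$1" -signer "$2" -inkey "$3" -outform PEM -out "$4" 2>/dev/null
}

# Verifier-side check (what the Lambda behind the GitHub App would do): the
# signature must validate AND the signer must chain to the private CA.
# Prints "trusted" or "untrusted". Expiry is enforced by the same chain check.
verify_commit() {
  if openssl cms -verify -binary -inform PEM -in "$2" -content "$1" \
       -CAfile "$WORK/ca.pem" -out /dev/null 2>/dev/null; then
    echo trusted
  else
    echo untrusted
  fi
}

# Constructed commit payload (in practice: the commit object GitHub delivers).
printf 'tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\nauthor Dev <dev@example.com> 0 +0000\n\nfix: bound input\n' > "$WORK/commit.txt"

# Managed device: cert issued by the CA with a 30-day lifetime -> accepted.
issue_device_cert managed-macbook-01 30
sign_commit "$WORK/commit.txt" "$WORK/managed-macbook-01.pem" "$WORK/managed-macbook-01.key" "$WORK/good.sig"

# Unmanaged device: self-signed cert, valid signature but no path to the CA -> rejected.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=rogue-laptop" \
  -keyout "$WORK/rogue.key" -out "$WORK/rogue.pem" 2>/dev/null
sign_commit "$WORK/commit.txt" "$WORK/rogue.pem" "$WORK/rogue.key" "$WORK/rogue.sig"

echo "managed: $(verify_commit "$WORK/commit.txt" "$WORK/good.sig")"   # trusted
echo "rogue:   $(verify_commit "$WORK/commit.txt" "$WORK/rogue.sig")"  # untrusted
```

A real verifier additionally needs the CA's CRL or OCSP responder so a device that falls out of compliance can be cut off before its 30-day certificate lapses.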

Verifying Bot-authored Commits
