Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Link & SLSA attestor #149

Merged
merged 43 commits into from
May 9, 2024
Merged

Link & SLSA attestor #149

merged 43 commits into from
May 9, 2024

Conversation

jkjell
Copy link
Member

@jkjell jkjell commented Feb 5, 2024

Add a new link attestor and the ability to return multiple signed attestation with RunWithExports function.

jkjell and others added 15 commits February 5, 2024 08:23
@jkjell
Initial link attestor
63410d4 
Signed-off-by: John Kjell <john@testifysec.com>
@mikhailswift @jkjell
refactor: move gitoid code to cyrptoutil, use digestvalue everywhere (#…
7da776c 
…139)

When the functionality to calculate gitoids was added, there was a bit
of tech debt incurred since they didn't implement hash.Hash. This
remedies this with an admitedly hacky implementation of hash.Hash that
wraps the gitoid code. This also standardizes our cryptoutil fucntions
around the DigestValue struct that was added around this time to
differentiate between gitoids and regular hash functions.

Signed-off-by: Mikhail Swift <mikhail@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
@dependabot @jkjell
chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (#142)
924eb1f 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@694cdab...26f96df)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: John Kjell <john@testifysec.com>
@dependabot @ChaosInTheCRD @jkjell
chore: bump github/codeql-action from 3.23.1 to 3.23.2 (#143)
856b500 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.1 to 3.23.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@0b21cf2...b7bf0a3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD @jkjell
Adding job to auto cut releases (#141)
315793e 
adding job to auto cut releases

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD @jkjell
fixing error in github actions workflow (#147)
ad61b8a 
fixing error in workflow

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD @jkjell
RunAttestors refactor (#131)
ed1dfef 
* improving run attestors

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* finalising changes.

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* improving run attestors

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* finalising changes.

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* addressing review, restoring run type order

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* updating error handling logic

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* updating to go 1.21 for errors.Join

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

---------

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD @jkjell
Adding workaround due to failing workflows (#145)
ed519d1 
adding workaround due to failing workflows

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD @jkjell
Checking policy signature against cert constraints (#144)
04a8ef4 
* adding logic so policy signature can be checked against constraints
* threaded options into policy validation functionary
---------

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: John Kjell <john@testifysec.com>
Signed-off-by: John Kjell <john@testifysec.com>
@step-security-bot @jkjell
[StepSecurity] ci: Harden GitHub Actions (#148)
3cff01c 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add import for init and export variables
3d7747b 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add mulitple results to run to allow exporting attestors to indivudal…
7a1a1f7 
… files

Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add collection to result array
fb27f55 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Replace export parameters in run with attestor option
af0470f 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Fix golang lint isues
8e2aaa4 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Merge branch 'main' into link-attestor
bb8a962 
Signed-off-by: John Kjell <john@testifysec.com>
ChaosInTheCRD
ChaosInTheCRD reviewed Feb 5, 2024
View reviewed changes
run.go Outdated Show resolved Hide resolved
ChaosInTheCRD
ChaosInTheCRD reviewed Feb 5, 2024
View reviewed changes
run.go Outdated Show resolved Hide resolved
@ChaosInTheCRD
Copy link
Collaborator

some opinionated thoughts from me, one little style thing that I think could be a tiny bit neater, but on the whole I ike the principle of the link connector and providing this way of exposing attestations. Code is also really neat and tidy 😄.

@jkjell
Update link attestor testing
62057c3 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Merge branch 'main' into link-attestor
bb035a0 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add SLSA attestor
b11d528 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add interface for product attestor
ae52a37 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add more attestor interfaces
8f016d9 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell jkjell changed the title Link attestor Link & SLSA attestor Mar 25, 2024
@ChaosInTheCRD ChaosInTheCRD mentioned this pull request Mar 25, 2024
Open
ChaosInTheCRD and others added 6 commits April 4, 2024 15:09
@ChaosInTheCRD @colek42 @jkjell
Link attestor proposed changes (#204)
4d86ee9 
* unmarshal the time in the attestation collection correctly (#203)
* add StepName to AttestorContext
* use CollectionAttestion to properly set start/end times
---------

Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: Cole Kennedy <colek42@gmail.com>
Co-authored-by: Cole <cole@testifysec.com>
Co-authored-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD
Merge branch 'link-attestor' of github.com:in-toto/go-witness into li…
1d19081 
…nk-attestor

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
@jkjell
Merge branch 'main' into link-attestor
690505e
@jkjell
Passing SLSA Attest tests for GitHub and GitLab
450a306 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Clean up
33f3905 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell
Add attestation test for link attestor
dba3c39 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell jkjell marked this pull request as ready for review April 8, 2024 02:24
jkjell and others added 4 commits April 9, 2024 20:35
@jkjell
Add data function for git interface and remove unused code
4e37a04 
Signed-off-by: John Kjell <john@testifysec.com>
@ChaosInTheCRD
Merge branch 'link-attestor' of github.com:in-toto/go-witness into li…
f6b9f69 
…nk-attestor
@ChaosInTheCRD
adding warning mesage for slsa attestor
bb842ee 
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
@jkjell
Try to gracefully handle gitlab jwt
ec4f58a 
Signed-off-by: John Kjell <john@testifysec.com>
@mikhailswift
Copy link
Member

Did a quick read through of the code and this all looks reasonable. Will pull and play with it tomorrow.

@jkjell
Merge branch 'main' into link-attestor
b2322d9 
Signed-off-by: John Kjell <john@testifysec.com>
@matglas matglas mentioned this pull request May 8, 2024
Draft
3 tasks
@ChaosInTheCRD
Merge branch 'main' into link-attestor
5ce8543 
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>
@ChaosInTheCRD
ran go mod tidy
0f6805d 
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
@ChaosInTheCRD
ensuring link and slsa attestation exporting is optional
86d4e22 
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
ChaosInTheCRD
ChaosInTheCRD previously approved these changes May 8, 2024
View reviewed changes
@ChaosInTheCRD
Copy link
Collaborator

provisionally approving, as long as we can resolve #149 (comment)

@ChaosInTheCRD
Copy link
Collaborator

Just noticed as well, we need to fix DCO before merge 😄

@jkjell
Merge branch 'main' into link-attestor
0afae1b 
Signed-off-by: John Kjell <john@testifysec.com>
@jkjell jkjell requested a review from ChaosInTheCRD May 9, 2024 04:53
@ChaosInTheCRD ChaosInTheCRD merged commit 87975b4 into main May 9, 2024
15 checks passed
@ChaosInTheCRD ChaosInTheCRD deleted the link-attestor branch May 9, 2024 15:26
@marcelamelara marcelamelara mentioned this pull request May 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@colek42 colek42 colek42 left review comments

@ChaosInTheCRD ChaosInTheCRD ChaosInTheCRD approved these changes

@mikhailswift mikhailswift Awaiting requested review from mikhailswift

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jkjell @ChaosInTheCRD @mikhailswift @colek42 @step-security-bot