Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
content: source track draft: simplify and clarify level goals #1097
content: source track draft: simplify and clarify level goals #1097
Changes from 20 commits
989aeb8
b4f8b7b
68e8632
5d5df51
b2071c0
cc8a51c
5a456d6
ad62f09
e4050b4
47f8ad3
d212e08
8bf4205
2343b07
a7fd4fe
b003548
09b0c67
6d3e582
99f372a
6b82d6d
a583425
64132b8
9ab53dc
7269b05
1be7b2a
7faa87d
843729c
69f611c
08ec500
6515598
f962ac4
d809349
2f86109
834d64c
9b72a77
006a4c1
febc191
6e3f3e3
6c05dc1
3919bad
cb63de3
f2398a4
d1219c6
5527616
6df6b33
31d63ba
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I presume the repository ID is different from the URL to locate the repository on the SCP? For example, the repository ID for this one is
346517502
per https://api.github.com/repos/slsa-framework/slsa.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, I had imagined the repository ID is the URL (e.g.
https://github.com/slsa-framework/slsa
).Having it be something that's meaningful to humans would be pretty beneficial.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I think that's partly what I was getting at. I wonder if there's an endpoint to translate the numeric ID to the URL or if the current definition for repository (even without the ID) inherently has a URL associated with it because we only consider a repository on the SCP at the moment. This is part of the massaging I wonder if I should take a stab at separately.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO we should consider the numeric ID to be an implementation detail and not worry about it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's an interesting question -- today we definitely have resurrection and rename attacks (so you need the gh repo numeric id to disambiguate), but I think in combination with the git object id, the url is probably fine.
IE, it doesn't likely matter much if a hijacked repo (with a different numeric id) has the same url and ships the same revision, we can ship the corresponding attestation. I'd want to think through it some more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are you envisioning for "documented process"?
It could be something like "each project needs to write down in a README how they make changes to their codebase and then have some way to enforce that in the SCP" but that doesn't seem right. It would be putting too much on the individual project owners. (and it would be really hard to check automatically). So maybe it's just for the SCP.
Maybe it's more like "The SCP must document how changes can be made to the underlying VCS and what restrictions project owners can place on that process. When owners configure these restrictions it must not be possible to bypass the restrictions. E.g. if a project branch is configured to require a pull request prior to merge it must not be possible to modify that branch without going through a pull request."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For soc 2 style audits, there's a real document somewhere that matters, but I don't think we need that here. I generally think these kind of semantics can just be encoded into the rules and that's good enough.
Effectively, a git repo is going to be full of a lot of junk. For consumers to make sense of it, an organization needs to explain very basically how they're using git. I think there should be some statement, configuration, or document of process that says or implies:
My Development Process
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think my only objection is how open ended that sounds (and asking all the OSS maintainers to document that explicitly sounds like a chore no one would like).
However, it seems like something we can very easily cover automatically? "The source repo MUST indicate which branches and tags are protected by SLSA controls and which level they are protected at."
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current wording of the summary suggests that any consumer can request this evidence (which will be very detailed). For OSS that's probably fine but for closed source software it would be a problem as it might leak PII, intellectual property, etc...
I think the real goal is that the SCP and those responsible for checking the SCP have access to this evidence.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But perhaps 'consumer' is really "people and tooling that have access to the source code", which might not include downstream users of the software itself?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think if you can clone the repo, you should be able to get the attestation (that's how build attestation serving works too).
There may be cases where the source is packaged into a zip or something, in that case there's lots of wiggle room to inject malicious content and we should fall back to the build track approach: "We don't know what's in there but it was definitely built here." etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, "read access to the repo implies read access to the tamper-proof evidence?" That works for me.
Access to source in a zip should be considered out of scope since SLSA doesn't consider that to be source.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's an interesting topic on its own -- not all zips are the same I guess. GH lets you download as a zip to avoid the inefficient git clone. It's a common way to consume source in build systems -- I think it's used by actions directly?
It seems like if you have access to the repo revision, you should be able to get the attestations.
I generally think it shouldn't matter how you transferred a repository -- if there is a stable way to recover the repository id, that should be enough to verify.
If the revision you care about is packaged into some other zip in a way that is not generated / underwritten by the SCP, you'd definitely need to fall back to other package security techniques.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How strongly do you feel about the "associated with the actor's pushes to a Git server" change?
It seems like it could be excessively formal while "used to push" seems to get the same thing across.
But maybe there's a technical nuance I'm not aware of that makes "used to push" ambiguous?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it could get a little more nuanced, which I was planning to take a stab at addressing separately. On another part, for applicable types of identities, the doc mention things like signatures that could tie into this bit with git signed pushes and so on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, then I wonder if we can just leave it alone? It does say 'typically' which doesn't rule out doing something fancier?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
True, but I think there's still some tension in the former sentence about the identity used in the provenance attestation, since elsewhere the doc indicates other mechanisms are allowed to. Definitely support punting this one to a separate PR / discussion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For clarity, here's what I mean re identity management:
slsa/docs/spec/draft/source-requirements.md
Lines 89 to 93 in 09b0c67
I also want to note that I can help massage the gittuf bits there as it uses signatures as the authenticating mechanism, but provides the authenticated metadata layer that can determine what signing keys / identities are trusted, so effectively the policy layer. I don't want to overload this one PR or put all the burden on @zachariahcox to incorporate changes!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Gotcha. One thing that might help is having some way to talk about 'the system' as a whole vs the individual pieces. That system needs identity management and it might be that that is provided by the SCP, or with something like GitTuf, or via 'control over an email address'? Then perhaps the details can go into something like https://slsa.dev/spec/v1.0/verifying-systems for source systems?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quite possibly! That's what I hope to propose, and I think that naturally addresses some of the points I raised elsewhere about the attestations we'd use in this track.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, "used to push" is the typical case for the big cloud SCPs.
If your identity system is signature based, I guess we'd be trying to say "the identity used by the SCP's primary authentication mechanism?"
Ideally no system would use a mix of identities -- like if one commit wasn't signed, it would fall through to trusting the
committer
or something.