-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Comparison to new GitHub Artifact Attestations? #3618
Comments
We have not done a full evaluation yet. But for now, we know that Github's Action is meant to be at L2, while our slsa-framework's Workflows are at L3. |
I don't remember if we record the |
fwiw, it'd be fairly simple for a maintainer to obfuscate the code used to build their artifact by using a malicious (non-recorded) input combined with GH's script injection features :) |
True. We don't use workflow parameters though, so if that's the only missing piece, it sounds like we'd be able to use Artifact Attestations for L3? |
I would say no. The properties need to be project-agnostic, else there's no way for a verifier to trust builds from a builder across all their dependencies without inspecting the build workflow (defeats the purpose of SLSA levels). In SLSA the build level is associated with a builder and that's how we scale trust. |
Other inputs include secrets It's also worth distinguishing between generators and builders:
|
"features" 😄 Indeed, it's easy enough for these issues to fly under the radar that GitHub warns about it in the documentation specifically. For the generators, pretty sure we don't record slsa-github-generator/slsa/buildtype.go Lines 61 to 65 in 2f113ff
For builders we just have normal inputs and the build itself can't read the vars unless explictly given them so can't affect the build - #1555 (comment) |
To be fair though, for generators, we don't do any validation on the inputs so likely likely won't make a difference in our ability to verify. The only difference is that we can record the inputs in a trustworthy way whereas the GitHub artifact attestations currently cannot. Users of slsa-github-generator generators could implement their own policy checks over the inputs using the |
In practice it's unlikely those inputs would be used during verification, unless they meaningful "high-level" info about a build, like prod vs debug. However they are necessary incident response. Note that the slsa-verifier supports verifying workflow_dispatch inputs, at least for our v0.2 builders. |
Agreed. I think that it's also likely that users would want to apply their own policy over the inputs. For example, to verify that that the prod/debug flags are set properly for production, or to verify there are no inputs set at all etc. I did forget that we had the |
FWIW, I wrote a bit about Artifact Attestations here: https://www.ianlewis.org/en/understanding-github-artifact-attestations It's not specifically contrasting with this project but it does talk about why it's SLSA 2 and not SLSA 3. Maybe that would be helpful to folks wanting to know the differences. |
Is your feature request related to a problem? Please describe.
GitHub recently released Artifact Attestations as a new feature. It seems to overlap with the generators here, although I'm not entirely sure.
Describe the solution you'd like
A comparison of the two would be good to have. I'm not sure if Artifact Attestations would entirely replace the tooling here, but could perhaps be used together with them or as a subset?
Describe alternatives you've considered
n/a
Additional context
Saw the release of this new GH feature and it seemed very simple to use. Was wondering if it would make sense to use to implement SLSA for argoproj/argo-workflows#12099
The text was updated successfully, but these errors were encountered: