make sure the predicate is a SLSA build provenance

Author: kommendorkapten

README.md

@@ -135,6 +135,15 @@ The following three examples are provided:
    originating from a list of organizations, and built with a reusable
    workflow from a list of provided repositories.
 
+Assuming the policy for verifying images originating from a a specific
+repository is updated to contain the expected repositories, apply
+them to OPA Gatekeeper with the following command:
+
+```
+$ kubectl apply -f validation/from-repo-constraint-template.yaml
+$ kubectl apply -f validation/from-repo-constraint.yaml
+```
+
 ## Uninstall
 
 ```

rego/fixtures.rego

@@ -193,3 +193,100 @@ reusable := {
   "status_code": 200,
   "system_error": ""
 }
+
+non_provenance := {
+  "errors": [],
+  "responses": [
+    [
+      "ghcr.io/octoorg/octorepo:reusable",
+      [
+        {
+          "mediaType": "application/vnd.dev.sigstore.verificationresult+json;version=0.1",
+          "signature": {
+            "certificate": {
+              "buildConfigDigest": "bac1792245301bd84d20bcffa453b4ddf19e4f7b",
+              "buildConfigURI": "https://github.com/octoorg/octorepo/.github/workflows/build.yaml@refs/heads/main",
+              "buildSignerDigest": "123ba287d1eb31c27b6dd35b57d6c0b79be00a57",
+              "buildSignerURI": "https://github.com/buildorg/build-scripts/.github/workflows/image.yml@refs/heads/main",
+              "buildTrigger": "workflow_dispatch",
+              "certificateIssuer": "CN=Fulcio Intermediate l2,O=GitHub\\, Inc.",
+              "githubWorkflowName": "Build image w/ attestation",
+              "githubWorkflowRef": "refs/heads/main",
+              "githubWorkflowRepository": "octoorg/octorepo",
+              "githubWorkflowSHA": "bac1792245301bd84d20bcffa453b4ddf19e4f7b",
+              "githubWorkflowTrigger": "workflow_dispatch",
+              "issuer": "https://token.actions.githubusercontent.com",
+              "runInvocationURI": "https://github.com/octoorg/octorepo/actions/runs/14078191773/attempts/1",
+              "runnerEnvironment": "github-hosted",
+              "sourceRepositoryDigest": "bac1792245301bd84d20bcffa453b4ddf19e4f7b",
+              "sourceRepositoryIdentifier": "123525123",
+              "sourceRepositoryOwnerIdentifier": "98762123",
+              "sourceRepositoryOwnerURI": "https://github.com/octoorg",
+              "sourceRepositoryRef": "refs/heads/main",
+              "sourceRepositoryURI": "https://github.com/octoorg/octorepo",
+              "sourceRepositoryVisibilityAtSigning": "private",
+              "subjectAlternativeName": "https://github.com/buildorg/build-scripts/.github/workflows/image.yml@refs/heads/main"
+            }
+          },
+          "statement": {
+            "_type": "https://in-toto.io/Statement/v1",
+            "predicate": {
+              "buildDefinition": {
+                "buildType": "https://actions.github.io/buildtypes/workflow/v1",
+                "externalParameters": {
+                  "workflow": {
+                    "path": ".github/workflows/build.yaml",
+                    "ref": "refs/heads/main",
+                    "repository": "https://github.com/octoorg/octorepo"
+                  }
+                },
+                "internalParameters": {
+                  "github": {
+                    "event_name": "workflow_dispatch",
+                    "repository_id": "123525123",
+                    "repository_owner_id": "98762123",
+                    "runner_environment": "github-hosted"
+                  }
+                },
+                "resolvedDependencies": [
+                  {
+                    "digest": {
+                      "gitCommit": "bac1792245301bd84d20bcffa453b4ddf19e4f7b"
+                    },
+                    "uri": "git+https://github.com/octoorg/octorepo@refs/heads/main"
+                  }
+                ]
+              },
+              "runDetails": {
+                "builder": {
+                  "id": "https://github.com/buildorg/build-scripts/.github/workflows/image.yml@refs/heads/main"
+                },
+                "metadata": {
+                  "invocationId": "https://github.com/octoorg/octorepo/actions/runs/14078191773/attempts/1"
+                }
+              }
+            },
+            "predicateType": "https://slsa.dev/custom/v1",
+            "subject": [
+              {
+                "digest": {
+                  "sha256": "2059296ab5f2646f4db0fc14c0ffeb26e9967808ca960d5ce237204ad47d89af"
+                },
+                "name": "ghcr.io/octoorg/octorepo"
+              }
+            ]
+          },
+          "verifiedTimestamps": [
+            {
+              "timestamp": "2025-03-26T07:58:59Z",
+              "type": "TimestampAuthority",
+              "uri": "timestamp.githubapp.com"
+            }
+          ]
+        }
+      ]
+    ]
+  ],
+  "status_code": 200,
+  "system_error": ""
+}

rego/policies.rego

@@ -2,20 +2,29 @@ package policies
 
 fromOrg (resp, orgs) if {
    some i, j, k, l
+   provenance := "https://slsa.dev/provenance/v1"
+
+   provenance == resp.responses[i][j][k].statement.predicateType
    orgUri := resp.responses[i][j][k].signature.certificate.sourceRepositoryOwnerURI
    # Prefix the org name with / before doing comparisson
    endswith(orgUri, concat("", ["/", orgs[l]]))
 }
 
 fromRepo (resp, repos) if {
    some i, j, k, l
+   provenance := "https://slsa.dev/provenance/v1"
+
+   provenance == resp.responses[i][j][k].statement.predicateType
    uri := resp.responses[i][j][k].signature.certificate.sourceRepositoryURI
    # Prefix the repo name with / before doing comparisson
    endswith(uri, concat("", ["/", repos[l]]))
 }
 
 fromOrgAndSignerRepo(resp, orgs, signerRepos) if {
    some i, j, k, l, m
+   provenance := "https://slsa.dev/provenance/v1"
+
+   provenance == resp.responses[i][j][k].statement.predicateType
    orgUri := resp.responses[i][j][k].signature.certificate.sourceRepositoryOwnerURI
    signerUri := resp.responses[i][j][k].signature.certificate.buildSignerURI
    # Verify source owner org is allowed

rego/policies_test.rego

@@ -22,6 +22,10 @@ test_from_org_invalid if {
     not policies.fromOrg(fixtures.octo_org, ["unkown", "octoorga", "ctoorg", "aoctoorg"])
 }
 
+test_from_org_non_provenance if {
+    not policies.fromOrg(fixtures.non_provenance, ["octoorg"])
+}
+
 # From repo should pass if at least one repo is valid
 test_from_repo_pass if {
     policies.fromRepo(fixtures.octo_org, ["unkown/unkown", "octoorg/octorepo"])
@@ -41,6 +45,10 @@ test_from_repo_invalid if {
     not policies.fromRepo(fixtures.octo_org, ["unkown/unkown", "ctoorg/octorepo", "aoctoorg/octorepo", "octoorga/octorepo", "octoorg/aoctorepo", "octoorg/octorep", "octoorg/octorepoa"])
 }
 
+test_from_repo_non_provenance if {
+    not policies.fromRepo(fixtures.non_provenance, ["octoorg/octorepo"])
+}
+
 # Same repo and signer
 test_with_signer_pass if {
     policies.fromOrgAndSignerRepo(fixtures.octo_org, ["unknown", "octoorg"], ["unkown/octorepo", "octoorg/octorepo"])
@@ -53,27 +61,31 @@ test_with_signer_pass if {
 
 # Empty input
 test_with_signer_empty if {
-    not policies.fromOrgAndSignerRepo(fixtures.octo_org, [], [])
+    not policies.fromOrgAndSignerRepo(fixtures.reusable, [], [])
 }
 
 test_with_signer_empty if {
-    not policies.fromOrgAndSignerRepo(fixtures.octo_org, [""], [])
+    not policies.fromOrgAndSignerRepo(fixtures.reusable, [""], [])
 }
 
 test_with_signer_empty if {
-    not policies.fromOrgAndSignerRepo(fixtures.octo_org, [], [""])
+    not policies.fromOrgAndSignerRepo(fixtures.reusable, [], [""])
 }
 
 test_with_signer_empty if {
-    not policies.fromOrgAndSignerRepo(fixtures.octo_org, [""], [""])
+    not policies.fromOrgAndSignerRepo(fixtures.reusable, [""], [""])
 }
 
 # Verify that no prefix weakness exists for the orgs
-test_from_repo_invalid if {
-    not policies.fromOrgAndSignerRepo(fixtures.octo_org, ["unkown", "ctoorg", "octoor", "aoctoorg", "octoorga"], ["octoorg/octorepo"])
+test_with_signer_invalid if {
+    not policies.fromOrgAndSignerRepo(fixtures.reusable, ["unkown", "ctoorg", "octoor", "aoctoorg", "octoorga"], ["octoorg/octorepo"])
 }
 
 # Verify that no prefix weakness exists for the signer repos
-test_from_repo_invalid if {
-    not policies.fromOrgAndSignerRepo(fixtures.octo_org, ["octoorg"], ["ctoorg/octorepo", "octoorg/octorep", "octoor/octorepo", "octoorg/ctorepo"])
+test_with_signer_invalid if {
+    not policies.fromOrgAndSignerRepo(fixtures.reusable, ["octoorg"], ["ctoorg/octorepo", "octoorg/octorep", "octoor/octorepo", "octoorg/ctorepo"])
+}
+
+test_with_signer_non_provenance if {
+    not policies.fromOrgAndSignerRepo(fixtures.non_provenance, ["octoorg"], ["buildorg/build-scripts"])
 }

validation/from-org-constraint-template.yaml

@@ -38,6 +38,9 @@ spec:
 
         fromOrg(resp, orgs) {
           some i, j, k, l
+          provenance := "https://slsa.dev/provenance/v1"
+
+          provenance == resp.responses[i][j][k].statement.predicateType
           orgUri := resp.responses[i][j][k].signature.certificate.sourceRepositoryOwnerURI
           # Prefix the org name with / before doing comparisson
           endswith(orgUri, concat("", ["/", orgs[l]]))

validation/from-org-with-signer-constraint-template.yaml

@@ -38,6 +38,9 @@ spec:
 
         fromOrgWithSigner(resp, orgs, signerRepos) {
           some i, j, k, l, m
+          provenance := "https://slsa.dev/provenance/v1"
+
+          provenance == resp.responses[i][j][k].statement.predicateType
           orgUri := resp.responses[i][j][k].signature.certificate.sourceRepositoryOwnerURI
           signerUri := resp.responses[i][j][k].signature.certificate.buildSignerURI
           # Verify source owner org is allowed
@@ -47,7 +50,7 @@ spec:
           # find the occurence of `/.github/` and trim everything after it
           p := indexof(signerUri, "/.github/")
           signerRepoTrim := substring(signerUri, 0, p)
-          # add back the / prefix to get proper delimiter when doing comparison
+          # add back the / prefix to get proper delimiter when doing comparisson
           signerRepo := concat("", ["/", signerRepoTrim])
           endswith(signerRepo, concat("", ["/", signerRepos[m]]))
         }

validation/from-repo-constraint-template.yaml

@@ -38,6 +38,9 @@ spec:
 
         fromRepo(resp, repos) {
           some i, j, k, l
+          provenance := "https://slsa.dev/provenance/v1"
+
+          provenance == resp.responses[i][j][k].statement.predicateType
           uri := resp.responses[i][j][k].signature.certificate.sourceRepositoryURI
           # Prefix the repo name with / before doing comparisson
           endswith(uri, concat("", ["/", repos[l]]))