SLSA E2E RFE with the in-toto Policy Framework and Verifier #1486
Description
cc: @trishankkarthik
As a response to the SLSA E2E RFE, our proposal presents a complete, reproducible end-to-end example that uses the in-toto Policy Framework to secure a software supply chain from source to end-user consumption. Our implementation centers around a component known as a Policy Verifier that takes an Artifact, a Policy (the security expectations the Artifact must meet), and an Attestation Bundle (signed evidence from each supply chain stage) which, in turn, produces a Policy Verification Summary Attestation (VSA) indicating whether the Artifact meets the Policy. A Policy VSA is a signed, auditable record that can be validated on its own. Consumers of the final Artifact can check it against the VSA to confirm that it satisfies the Policy’s security requirements.
The Policy Framework is intentionally flexible. Any Policy format, language, and engine may be used provided the implementation meets the framework’s requirements. Results are implementation-independent, which means given the same Attestation Bundle and essentially same Policy, any conformant Verifier should reach the same verdict, and emit a semantically equivalent Policy VSA. Users can therefore choose any conformant Verifier and remain interoperable.
We apply the Policy Framework with a Verifier based on attestation-verifier to secure an example end-to-end supply chain for the sigstore-js Artifact. The example spans six stages: Source → Build → Release → Verification → Publication → Use. The first three stages correspond to three different events in the software development cycle: the verification of source code on GitHub (Source), the building of source into an artifact using GitHub Actions (Build), and the release of that artifact by NPM (Release). Each event is associated with a signed Attestation about what happened, especially which inputs and outputs were consumed and produced.
In the Verification stage, the Verifier verifies these Attestations against a given Policy which expects these events to be correlated. Specifically, the Policy requires that precise git commit on GitHub that was verified (SLSA-Source-L3-compliant) is exactly the same commit that was built by GitHub Actions (SLSA-Build-L3-compliant), and the resulting package is also the same one released by NPM. The Verifier emits a Policy VSA indicating whether this Policy was met.
In the last Use stage, the consumer simply verifies the Artifact against the Policy VSA—without rerunning the more expensive Verification stage—in order to decide whether deployment should proceed or be blocked. Thus, we demonstrate how the Policy Framework can be used to secure realistic supply chains end-to-end.
Please let us know if you have any questions. Thank you for your time and consideration.