Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

verification attestor #55

Merged
merged 7 commits into from
May 9, 2024
Merged

verification attestor #55

merged 7 commits into from
May 9, 2024

Conversation

mikhailswift
Copy link
Member

@mikhailswift mikhailswift commented Oct 16, 2023

Fixes in-toto/witness#14

The rough idea here is to have go-witness.Verify actually be a go-witness.Run with a verification attestor as it's Execute attestor. This allows a few different things:

  1. We can create verification attestations. We're currently using the SLSA VSA format. There is some chatter about moving this under the in-toto attestation group: Attestation for policy verification attestation#277 . This would involve generalizing some of the SLSA specific data in the VSA, which would be ideal.
  2. We can collect other attestations about the system that verified an artifact. Since the policy verification is happening within the verification attestor in an attestation context, we can also run our other suite of attestors, such as the GitHub or GitLab attestors, and collect more information about where an artifact was verified.
  3. We can use verification attestations in a handful of ways, including "caching" decisions within an admission controller. A policy could potentially define a way to act as a quick pass if we see we've already verified an artifact against a specified policy. This could be time-gated, so we must re-evaluate if the verification attestation is past a certain age.
  4. Act as a summary of a group of raw attestations. Some attestations may not be fit for public consumption. In these cases, organizations could publish the VSA instead of raw attestations to their end users.

There are a few philosophical questions and changes to the go-witness API happening here we should think a bit about:

In main today, the DSSE signing code will throw up if at least one signer isn't provided. This makes sense; why wrap something in a DSSE envelope if it won't be signed? However, we don't want every verifier to have keys distributed to them. Users should be able to run go-witness.Verify without providing a key. If one is provided, a signed VSA should be created. In this draft changeset, this error is removed. An unsigned envelope will be returned if no signers are provided to the DSSE code.

This has the side-effect of allowing users to run go-witness.Run without a signer provided. This may not be a bad thing, we would hand back an unsigned envelope of attestations. This could allow users to play with Witness more quickly and sort out key distribution once ready.

While we offer no guarantees of backward compatibility, this may involve some breaking changes to go-witness's surface APIs. We shouldn't let this stop us from making choices, but we should be cognizant of the pain this will cause and ensure we do it for the right reasons.

@mikhailswift mikhailswift changed the title wip: implement verification attestor that returns a slsa VSA" wip: implement verification attestor that returns a slsa VSA Oct 16, 2023
Copy link
Contributor

@naveensrinivasan naveensrinivasan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A couple of suggestions.

attestation/verification/verification.go Outdated Show resolved Hide resolved
attestation/verification/verification.go Outdated Show resolved Hide resolved
@mikhailswift mikhailswift force-pushed the feat/verification-attestation branch 2 times, most recently from 070f09d to 2eec808 Compare October 24, 2023 02:56
@mikhailswift
Copy link
Member Author

mikhailswift commented Oct 24, 2023

Additional changes pushed to this:

  • Added the insecure flag to go-witness.Run to allow running without signers provided.
  • If an ErrPolicyDenied error is received from policy.Verify, it is returned to the caller. This is the canonical way to communicate verification failures to callers currently, so this is an effort to maintain that consistency.
  • Added signer options to VerifyOptions. This is a bit confusing and I don't love it... Because we also have a VerifyWithRunOptions that will forward Run options, the user could supply signers in various ways currently.

This still needs tests, but I am able to run our witness test scripts with these changes with this branch on witness: https://github.com/testifysec/witness/tree/feat/verification-attestation

attestation/policyverify/policyverify.go Show resolved Hide resolved
policyResult, policyErr := pol.Verify(ctx.Context(), policy.WithSubjectDigests(vo.subjectDigests), policy.WithVerifiedSource(verifiedSource))
if _, ok := policyErr.(policy.ErrPolicyDenied); ok {
accepted = false
} else if err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the code should check for policyErr instead of err here.

var accepted bool
	policyResult, policyErr := pol.Verify(ctx.Context(), policy.WithSubjectDigests(vo.subjectDigests), policy.WithVerifiedSource(verifiedSource))
	if _, ok := policyErr.(policy.ErrPolicyDenied); ok {
		accepted = false
	} else if policyErr != nil {
		return fmt.Errorf("failed to verify policy: %w", policyErr)
	} else {
		accepted = true
	}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup, good catch

return map[string]cryptoutil.DigestSet{}
}

func (vo *Attestor) Attest(ctx *attestation.AttestationContext) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A nit vo. Having consistent receiver name with vs helps :)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, the receiver name is a byproduct of the code moving where the variable was originally of type verifyOptions, this should be renamed to be consistent with our new receiver.

@mikhailswift mikhailswift force-pushed the feat/verification-attestation branch 5 times, most recently from 39f78db to 7fdb712 Compare October 27, 2023 07:03
@mikhailswift
Copy link
Member Author

I added a second commit to this to support some work I'm doing in a separate project that's using go-witness. It's not directly related to VSAs, but I needed it for work in the archivista-data-provider.

When this PR gets moved out of draft and is ready for merge, the second commit will be broken out into it's own PR as it is a sizeable change in it's own right.

@mikhailswift mikhailswift force-pushed the feat/verification-attestation branch 2 times, most recently from ab29b9a to ab4f36c Compare October 27, 2023 07:11
@naveensrinivasan
Copy link
Contributor

I added a second commit to this to support some work I'm doing in a separate project that's using go-witness. It's not directly related to VSAs, but I needed it for work in the archivista-data-provider.

When this PR gets moved out of draft and is ready for merge, the second commit will be broken out into it's own PR as it is a sizeable change in it's own right.

Currently, the cryptoutil.DigestValue type is used extensively across the codebase. While this works well for our current needs, it might make the code more rigid and harder to test.

One way to improve this could be to define an interface that cryptoutil.DigestValue satisfies. This would allow us to create mock implementations for testing different scenarios and make the code more flexible. Here's a simple example of what this might look like:

type Digest interface {
    New() hash.Hash
    // other methods...
}

type DigestValue struct {
    // fields...
}

func (d DigestValue) New() hash.Hash {
    // implementation...
}

func SomeFunction(d Digest) {
    hash := d.New()
    // use hash...
}

In this example, SomeFunction can now accept any object that satisfies the Digest interface. This makes it easier to test SomeFunction with different implementations of Digest.

This is just a suggestion.

@mikhailswift mikhailswift force-pushed the feat/verification-attestation branch 2 times, most recently from a7a43aa to 876c7d2 Compare January 29, 2024 20:06
@mikhailswift mikhailswift force-pushed the feat/verification-attestation branch 4 times, most recently from 956e6a7 to 48472c7 Compare February 27, 2024 22:22
@jkjell jkjell force-pushed the feat/verification-attestation branch 2 times, most recently from cd2c7c0 to 8557fc7 Compare April 17, 2024 13:56
@mikhailswift mikhailswift marked this pull request as ready for review April 26, 2024 04:41
@mikhailswift mikhailswift changed the title wip: implement verification attestor that returns a slsa VSA verification attestor Apr 26, 2024
type Attestor struct {
slsa.VerificationSummary

policyTimestampAuthorities []timestamp.TimestampVerifier
Copy link
Collaborator

@ChaosInTheCRD ChaosInTheCRD May 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just being sure to ask what springs to mind, do we need all of these extra fields in the attestor? I can imagine that this information can be of use when performing validation on what was verified and how, but I supose this comes at the consequence of bloating the predicate output? Isn't one of the benefits of a VSA that it is lightweight and provides minimal predicate inspection by the final verifier? @mikhailswift @jkjell

Copy link
Collaborator

@ChaosInTheCRD ChaosInTheCRD May 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh ignore me here. I see that these are not fields to be added to the predicate but instead supporting fields for attestor functionality. The slsa.VerificationSummary is the only field that is used as the predicate.

One thing that springs to mind is that when we have the time, better moulding the structures so that predicates are defined very clearly could be a good thing 😄

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a nit so no action is required 👍

},
TimeVerified: time.Now(),
Policy: slsa.ResourceDescriptor{
URI: policyDigest[cryptoutil.DigestValue{Hash: crypto.SHA256, GitOID: false}], //TODO: find a better value for this...
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just picking up on the TODO here. Given that we can't provide a public location of the policies, wouldn't we be better (for now) using https://witness.testifysec.com/policy/v0.1 for this URI field?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is addressed in a PR I created #230

}, nil
}

func verifyPolicySignature(ctx context.Context, vo *Attestor) error {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noticed that this is a copy of https://github.com/in-toto/go-witness/blob/main/verify.go#L182. Would we not be better exporting the original function? alternatively we could stick it in an /internal location so that both verify.go and policyverify.go can make use of it without the copying? Unless there's something I am missing and this function is slightly different to the one in verify.go

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahhhh I see what you've done here. You've moved a lot of the logic from verify.go into policyverify.go. I am not averse to this, however I do think that there may be a better shared place for this function to live, as I reckon this functionality might need to be leveraged elsewhere in the codebase in the future.

Having said all this, it's not necessary right now and I am okay leaving it as is and kicking the can down the road so to speak until we need it elsewhere.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is addressed in a PR I created #230

run.go Show resolved Hide resolved
const (
Name = "policyverify"
Type = slsa.VerificationSummaryPredicate
RunType = attestation.ExecuteRunType
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't wish to make life more difficult in the process of getting this merged, but I think a new type should be declared here in to define its type.

I just ran the code locally, and in its current form, there's nothing from stopping me from trying to run this attestor during witness run. We should have an easy way to distinguish this attestor from the others that exist, and to me a verify type is the way we should to it.

Of course this is a small thing to implement (a variable declaration and a line somewhere in the Run logic to ensure that any verify attestors can't be executed, but I think it's crucial for user experience.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is addressed in a PR I created here

@ChaosInTheCRD
Copy link
Collaborator

I've created a PR here in the hope that it will speed up the process of getting this merged. I think there are still tests needed for the VSA logic, @mikhailswift let me know if you want me to take the reigns on writing these 😄

@jkjell jkjell force-pushed the feat/verification-attestation branch from 6fc599a to 1bd15fa Compare May 2, 2024 02:55
mikhailswift and others added 4 commits May 7, 2024 17:18
Co-authored-by: Kris Coleman <kriscodeman@gmail.com>
Co-authored-by: Brandon Hunter <brandon_hunter-wm@discovery.com>
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>
@jkjell jkjell force-pushed the feat/verification-attestation branch from 1bd15fa to d33965f Compare May 7, 2024 22:18
ChaosInTheCRD and others added 3 commits May 7, 2024 23:51
Improvements to VSA internal policy handling and other minor fixups.

---------

Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: Mikhail Swift <mikhail@testifysec.com>
Co-authored-by: Kris Coleman <kriscodeman@gmail.com>
Co-authored-by: Brandon Hunter <brandon_hunter-wm@discovery.com>
Co-authored-by: John Kjell <john@testifysec.com>
…th verify attestor

Signed-off-by: John Kjell <john@testifysec.com>
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
@jkjell jkjell merged commit 3e62eab into main May 9, 2024
15 checks passed
@jkjell jkjell deleted the feat/verification-attestation branch May 9, 2024 04:02
kriscoleman pushed a commit to testifysec/judge-go-witness that referenced this pull request Jun 5, 2024
kriscoleman added a commit to testifysec/judge-go-witness that referenced this pull request Jun 15, 2024
* Initial commit

* chore: Configure SAST in `.gitlab-ci.yml`, creating this file if it does not already exist

* chore: initial commit of judge monorepo core projects

* chore: Set up our new home for product and development planning (in-toto#7)

chore: Set up our new home for product development and onboarding

Fixes #1
Fixes #2
removed spire k8s

* fix(web): friendly errors

fixes in-toto#19

* chore: Added issue templates for additional issue types

closes in-toto#16 a bit further, had some idle time

* chore: Added issue templates for epic and feature

* chore: update Judge monorepo with latest judge-api change delta

* story: As a user I want a simple and intuitive sign-in flow

fixes in-toto#20

Now when the user registers with their github, they are automatically signed in

* docs(web): added todo to move sorting logic that shouldn't be in frontend

* fix(web): the dashboard attestation results should belong to the repo they are associated with

fixes in-toto#18

* chore(web): remove of .old web ui

* fix(web): tests all pass

fixes in-toto#31

* chore: implemented prepush-if-changed so that we can only run tests for things on push if we actually changed them

* chore: implemented prepush test githooks for all go subprojectsg

* docs: wrote docs for our githooks

* chore: sorted our root package.json scripts

* feat: add proxies to production services for netlify deployments (in-toto#34)

Sets up proxies to archivista, judge-api, kratos, and login from
netlify deployments to our production instances of these. Eventually we
may need to break these out to short lived versions of the back end
services.

Fixes in-toto#33

* fix: adds missing wildcards to netlify redirects

Netlify was only doing redirects for exact matches of `/archivista` or
`/login`, where we want all paths to be redirected to those services.

Fixes in-toto#33

* fix: tell kratos to return us to our current judge web instance

* chore: implemented conventioanal-commits with commitlint

* docs: updated githooks documentation for conventional commits

* chore: implemented git-conventional-commits

this helps enable generating our versions and changelog from our git tree

helps close in-toto#9

* fix: githooks should be frictionless 

subtasks:
fix: prepush-if-changed shouldn't run node tests if node files aren't touched
chore: update commitlint to allow for bypassing with 'wip'
fix: prepushrc for node and go prepush test hook
chore: updates to commitlint for longer messages

fixes in-toto#40

if a ops developer contributed code but had not run `npm run start:web` on the web project to produce the graphql cache, then linting would fail.

Rather than ask ops devs to make sure they start the web app every now and then, we have addressed this by making the graphql cache optional.

* chore: updated subtree scripts

* Squashed 'subtrees/witness/' content from commit cc2478e

git-subtree-dir: subtrees/witness
git-subtree-split: cc2478e854c6dd91cc6b20ed3baa6ba47dbadb3f

* Squashed 'subtrees/archivista/' content from commit 21ab99d

git-subtree-dir: subtrees/archivista
git-subtree-split: 21ab99d5c42737eb9526ac43e51e460f74436685

* Squashed 'subtrees/go-witness/' content from commit 31e6790

git-subtree-dir: subtrees/go-witness
git-subtree-split: 31e6790

* chore: move subtrees to subtrees/ subfolder

closes in-toto#27

updated dev environment and githooks to work with new subtrees subfolder
updated docs on subtrees

* chore: upgrade kratos to v13.0 (in-toto#55)

chore: upgrade kratos

* fix: tests fail if you run npm build instead of npm start before testing

fixes in-toto#56

* chore(web): implement node workflow to github workflows

closes in-toto#60

allows us to build and test our web project from the monorepo as on changes to our trunk (`main`)

Signed-off-by: Kris Coleman <kriscodeman@gmail.com>

* feat: implemented metadata webhook in kratos for updating tenant metadata

closes in-toto#28

* feat: upgrade kratos ui

* Squashed 'subtrees/witness-run-action/' content from commit bdd8272

git-subtree-dir: subtrees/witness-run-action
git-subtree-split: bdd82729b316d071606007cc9eecae326429caaf

* chore: updated conventional-commit to support subtree type

* subtree(witness-run-action): onboarded the witness-run-action to the monorepo 

closes in-toto#70

* chore: updated download-compress-witness.sh to support macos

* chore: updated how we push subtrees to a smarter approach

now we don't push directly to main... we should just make a new branch off our trunk before we push using the provided scripts. this will push a clean branch of just the subtree changes to the subtree.

* chore(web): update the yo generators to work with monorepo OOTB

also improved cli wordage

* feat(web): implemented RepoCard

RepoCard provides a reusable component for showing a repo with a Card view

* feat(web): implemented CommitLink component

provides a reusable commit for displaying a Commit

* story: as a user, anytime I click on a git sha, I want to copy it the clipboard

* ops(go): implement go ci workflow to github workflows

closes in-toto#62

* chore: dogfood the witness-run-action on the monorepo

closes in-toto#22

* subtree(witness-run-action): updated docs to help users with generating attestations in monorepos

* subtree(witness): updated `run` docs to help users with generating attestations in monorepos

* subtree(witness): updated `run` docs to help users with generating attestations with npm

* ops: renamed web.yaml to node.yml

* chore(judge-api): use logrus directly

* chore(archivista): use logrus directly

* fix(archivista): update archivista's usage of updated go-witness function

* feat(monorepo): add go workspace file to monorepo

* chore(judge-api): rename go module

* fix(monorepo): update witness-run-action version used

* chore(deps): bump yaml in /subtrees/witness-run-action

Bumps [yaml](https://github.com/eemeli/yaml) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](eemeli/yaml@v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore(judge-api): support multiple database providers

* fix(witness): witness should not error on an empty git repo with no commits
Fixes in-toto#121

* chore: make skaffold config modular

* chore: add skaffold README

* chore(policy): implemented struct representing a decision on a policy

* feat(policy): judge-api has a endpoint for submitting witness verify results and stores them

* refactor(witness): use generic registry for attestor options

* refactor(go-witness): use generic registry for attestor options

* feat(go-witness): add signer provider registry

* refactor: add SetOptions helper to registry, fix return values in some signer's option funcs

* feat(witness): use signer registry to setup signers for CLI flags

* docs(witness): regenerate docs for new cli flags

* fix: use go mod download in install scripts for go modules

* feat(go-witness): add time.Duration option for registries

* feat(go-witness): add vault pki signer provider

* refactor(witness): create helper function to add options from registries

* docs(witness): regenerate docs for new cli flags

* fix(witness): re-enable verify tests

As part of the signer registry refactor I commented these tests out to
work on some other tests. Turns out I forgot to uncomment and fix these
before merging the refactor... Ooops.

* fix: fix remotes:add:all script

* Squashed 'subtrees/witness/' changes from cc2478e..8a53d68

8a53d68 fix: update github actions to use new fulcio url
2dc9401 fix: update goreleaser action to use go 1.20.x
9bac7df chore(deps): bump github.com/cloudflare/circl from 1.3.2 to 1.3.3
57b29fd feat: publish ko built images to ghcr
bde414e fix: use witness-run-action instead of testifysec-run-action
58b3f59 fix: update scorecard version to fix invalid key error

git-subtree-dir: subtrees/witness
git-subtree-split: 8a53d681de06d9a447210841c1e96e03b6c2edfb

* feat(policy, witness): added decisionLogUrl argument to verify

* feat(policy, go-witness): implemented decisionLogUrl and also implemented the policydecision cloudevent posting to decision log provider

* Squashed 'subtrees/witness/' changes from 8a53d68..be20100

be20100 fix: dev/Dockerfile.go-builder to reduce vulnerabilities
aa35c1f fix: update changed signer flags in tests
f7d7e96 fix: use the pflag.FlagSet.Set function to set values from config files
03ab65f fix: re-enable verify tests
5bf31d7 docs: regenerate docs for new cli flags
d713711 refactor: create helper function to add options from registries
88a8d93 docs: regenerate docs for new cli flags
4a41144 feat: use signer registry to setup signers for CLI flags
0c7a4e5 refactor: use generic registry for attestor options

git-subtree-dir: subtrees/witness
git-subtree-split: be20100af602c780deeef50c54f5338662ce917c

* Revert "feat(policy, go-witness): implemented decisionLogUrl and also implemented the policydecision cloudevent posting to decision log provider"

This reverts commit 21d6a66b5be18a9a165d18ce0528c8fbcf4ebd79.

* Revert "feat(policy): judge-api has a endpoint for submitting witness verify results and stores them"

This reverts commit f178afe.

* Revert "chore(policy): implemented struct representing a decision on a policy"

This reverts commit 627a7a2.

* Squashed 'subtrees/witness/' changes from be20100..06031da

06031da Checking attestors for duplicates (in-toto#361)
1a9b5a2 Initial attempt at PR and Issue templates (in-toto#351)
83ca942 chore: bump actions/download-artifact from 4.1.0 to 4.1.1 (in-toto#358)
63cc5d8 chore: bump github/codeql-action from 3.22.12 to 3.23.0 (in-toto#357)
70e0b09 chore: bump actions/upload-artifact from 4.0.0 to 4.1.0 (in-toto#356)
d2471e6 chore: bump actions/cache from 3.3.2 to 3.3.3 (in-toto#355)
f2e2a6f Update cloudflare/circl due to dependabot failure (in-toto#352)
abce18b Add cosign install
15d9014 Add signing to goreleaser and Best Practices badge to readme.
93768db Pin dependencies and restrict permissions
494d44a Add Security MD files an add FOSSA scan badge
b9e38d5 Add FOSSA license scanning
617e15a chore: bump actions/dependency-review-action from 3.1.4 to 3.1.5 (in-toto#349)
2c590bb Update go-git to resolve vulnerability (in-toto#346)
88881fa chore: bump actions/download-artifact from 4.0.0 to 4.1.0 (in-toto#342)
ea67d31 chore: bump github/codeql-action from 3.22.11 to 3.22.12 (in-toto#343)
b8f36d6 chore: bump actions/upload-artifact from 3.1.3 to 4.0.0 (in-toto#337)
34563ab chore: bump github/codeql-action from 2.22.9 to 3.22.11 (in-toto#336)
46b168d chore: bump actions/download-artifact from 3.0.2 to 4.0.0 (in-toto#335)
b36c96d Bumping Go version for goreleaser (in-toto#333)
c06555d Migrating to the use of in-toto/go-witness module (in-toto#331)
c0f5843 Migrating go module (in-toto#328)
937eab8 Adding the contributing.md from archivista (in-toto#327)
f0c8f43 Adding help to Makefile and updating `make test` target (in-toto#325)
71856fd chore: bump actions/dependency-review-action from 2.5.1 to 3.1.4 (in-toto#324)
709ad35 chore: bump github/codeql-action from 2.22.8 to 2.22.9 (in-toto#323)
684fd6a chore: bump actions/setup-go from 4.1.0 to 5.0.0 (in-toto#322)
a823f58 chore: bump actions/checkout from 3.6.0 to 4.1.1 (in-toto#321)
862d8c4 chore: bump actions/upload-artifact from 3.0.0 to 3.1.3 (in-toto#320)
b19afc8 Fix initial pre-commit violations (in-toto#319)
a56715e Refactoring error messages to use `%w` formatting directive and fix logging issue (in-toto#314)
0bca967 feat: add algo hash list for digest calc in config (in-toto#292)
81bdfce Improve gha (in-toto#318)
f65b232 [StepSecurity] Apply security best practices (in-toto#316)
bcf7ecf Update README.md - fixing quickstart url
8dde14c docs: correct sign policy file command in README.md
752b9e0 chore: bump github/codeql-action from 2.22.7 to 2.22.8
15bec9e chore: bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1
0363ee3 chore: bump actions/setup-go from 2 to 4
a412c18 chore: bump actions/cache from 2 to 3
e7a6f44 chore: bump github/codeql-action from 2.22.6 to 2.22.7
932ff1e chore: bump actions/checkout from 2 to 4 (in-toto#301)
5e56558 chore: bump github.com/stretchr/testify from 1.8.1 to 1.8.4 (in-toto#305)
f49ff8e chore: bump github.com/sirupsen/logrus from 1.9.0 to 1.9.3 (in-toto#304)
873f55c chore: bump golangci/golangci-lint-action from 2 to 3 (in-toto#303)
1880baa chore: bump ossf/scorecard-action from 2.1.3 to 2.3.1 (in-toto#302)
9380cbe chore: bump github/codeql-action from 1.0.26 to 2.22.6 (in-toto#300)
21cb944 chore: bump docker/login-action from 2 to 3 (in-toto#299)
2219a76 fix: updating urls to `in-toto` from `testifysec` and `-L` to the curl for version (in-toto#297)
b3d7207 Add dependabot config and add reusable workflow for calling witness (in-toto#298)
5beb113 Add maintainers file
602dc48 chore(deps): bump google.golang.org/grpc from 1.53.0 to 1.56.3
edef808 docs: Update key to signer-file-key-path in getting starter .witness.yaml
8e9d798 fix: dev/Dockerfile.go-builder to reduce vulnerabilities
27f68b9 chore(deps): bump golang.org/x/net from 0.7.0 to 0.17.0

git-subtree-dir: subtrees/witness
git-subtree-split: 06031da4459ee4aea13ee83c59f9dee8171133ff

* Squashed 'subtrees/witness/' changes from 06031da4..74f6c3dc

74f6c3dc chore: bump the all-go-mod group with 1 update (#425)
bed18639 Update GHA triggers to fine tune for code changes vs other updates (#406)
6f7d4a80 Adding ability to list attestors (#384)
1fbdaa9b chore: bump the all-gha group with 1 update (#426)
90cb5acb Update dependabot.yml (#405)
c86b46dc small typo fix (#424)
f5deef58 chore: bump express from 4.18.3 to 4.19.2 in /docs-website (#423)
6bec1817 chore: bump actions/cache from 4.0.1 to 4.0.2 (#421)
78f1a7b6 chore: bump actions/dependency-review-action from 4.1.3 to 4.2.4 (#420)
2b4213f1 chore: bump github/codeql-action from 3.24.8 to 3.24.9 (#419)
fe61acd7 chore: bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /docs-website (#417)
917e13b5 chore: bump docker/login-action from 3.0.0 to 3.1.0 (#413)
b1ee6814 chore: bump github/codeql-action from 3.24.6 to 3.24.8 (#415)
10f895d4 chore: bump actions/checkout from 4.1.1 to 4.1.2 (#412)
1844b269 chore: bump k8s.io/apimachinery from 0.29.2 to 0.29.3 (#411)
7528df2d chore: bump follow-redirects from 1.15.5 to 1.15.6 in /docs-website (#410)
3fc10e4e chore: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#409)
bb8b3c07 chore: bump the go_modules group group with 2 updates (#408)
910d630e Witness website netlify (#394)
a4c40293 doc: fix example in signers kms doc (#403)
09f8cbb2 fix: run e2e test script as part of workflows (#397)
e54d8be3 chore: bump actions/download-artifact from 4.1.2 to 4.1.4 (#399)
feac3aa7 chore: bump github/codeql-action from 3.24.5 to 3.24.6 (#400)
3c8d14d6 chore: bump actions/cache from 4.0.0 to 4.0.1 (#401)
997af3b5 Bump to go-witness v0.3.1 (#398)
dcac011c chore: bump github/codeql-action from 3.24.3 to 3.24.5 (#396)
c211bfee chore: bump actions/dependency-review-action from 4.1.1 to 4.1.3 (#395)
0df242bb chore: bump actions/dependency-review-action from 4.0.0 to 4.1.1 (#392)
db7a2664 chore: bump github/codeql-action from 3.24.0 to 3.24.3 (#391)
161286db chore: bump fossas/fossa-action from 1.3.1 to 1.3.3 (#390)
f772f2db chore: bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#387)
001a113b chore: bump k8s.io/apimachinery from 0.26.13 to 0.26.14 (#386)
e438568f chore: bump testifysec/witness-run-action from 0.1.3 to 0.1.5 (#389)
17bdb4ed Add Tom as a Witness maintainer (#385)
c27a4f56 KMS Support (in-toto#376)
be37eeee chore: bump actions/upload-artifact from 4.3.0 to 4.3.1 (#383)
58fe0939 chore: bump actions/download-artifact from 4.1.1 to 4.1.2 (in-toto#382)
1144fa56 chore: bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (in-toto#380)
3195add2 chore: bump step-security/harden-runner from 2.6.1 to 2.7.0 (in-toto#379)
2923f967 chore: bump github/codeql-action from 3.23.2 to 3.24.0 (in-toto#378)
0e7dda92 Add back license scanning badge (in-toto#377)
dfd64fe7 Updated witness to use changes made to `cryptoutil.DigestValue` implemented in go-witness (in-toto#371)
58d5516f chore: bump github/codeql-action from 3.23.1 to 3.23.2 (in-toto#370)
cd18d5eb chore: bump actions/upload-artifact from 4.2.0 to 4.3.0 (in-toto#369)
1bbd0e84 Updating timestamper (in-toto#367)
df179e2e Fixing mistakes in the readme (in-toto#368)
b90f41ba README and docs restructure (in-toto#362)
2b872a34 chore: bump actions/dependency-review-action from 3.1.5 to 4.0.0 (in-toto#366)
9247c817 chore: bump github/codeql-action from 3.23.0 to 3.23.1 (in-toto#365)
55418b54 chore: bump actions/upload-artifact from 4.1.0 to 4.2.0 (in-toto#363)
272e492b chore: bump actions/cache from 3.3.3 to 4.0.0 (in-toto#364)

git-subtree-dir: subtrees/witness
git-subtree-split: 74f6c3dcb07ad6b6c2e67eede125bca3ef302793

* chore(go-witness): update go-witness to use new store with http client methods

* chore: onboarding aws and localstack

chore(aws): refactor account numbers and regions to be set in cdk.json
feat(aws): judge-container-stack and eks construct
feat(aws): judge container stack
feat(aws): added s3 bucket
feat(aws): codebuild stack
feat(aws): judge aws self-mutating pipeline
feat(aws): new release action

* chore(deps): bump the go_modules group across 3 directories with 3 updates

Bumps the go_modules group with 3 updates in the /judge-api directory: [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose), [golang.org/x/net](https://github.com/golang/net) and gopkg.in/go-jose/go-jose.v2.
Bumps the go_modules group with 1 update in the /subtrees/archivista directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 1 update in the /subtrees/go-witness directory: [golang.org/x/net](https://github.com/golang/net).


Updates `github.com/go-jose/go-jose/v3` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3.0.3/CHANGELOG.md)
- [Commits](go-jose/go-jose@v3.0.2...v3.0.3)

Updates `golang.org/x/net` from 0.23.0 to 0.24.0
- [Commits](golang/net@v0.23.0...v0.24.0)

Updates `gopkg.in/go-jose/go-jose.v2` from 2.6.2 to 2.6.3

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.23.0...v0.24.0)

Updates `golang.org/x/net` from 0.22.0 to 0.23.0
- [Commits](golang/net@v0.23.0...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: gopkg.in/go-jose/go-jose.v2
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

* subtree(go-witness): add git refs to go witness git attestor

* chore(deps): bump the go_modules group across 3 directories with 2 updates

Bumps the go_modules group with 2 updates in the /judge-api directory: [golang.org/x/net](https://github.com/golang/net) and google.golang.org/protobuf.
Bumps the go_modules group with 2 updates in the /subtrees/go-witness directory: [golang.org/x/net](https://github.com/golang/net) and google.golang.org/protobuf.
Bumps the go_modules group with 2 updates in the /subtrees/witness directory: [golang.org/x/net](https://github.com/golang/net) and google.golang.org/protobuf.


Updates `golang.org/x/net` from 0.24.0 to 0.25.0
- [Commits](golang/net@v0.24.0...v0.25.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1

Updates `golang.org/x/net` from 0.23.0 to 0.25.0
- [Commits](golang/net@v0.24.0...v0.25.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1

Updates `golang.org/x/net` from 0.23.0 to 0.25.0
- [Commits](golang/net@v0.24.0...v0.25.0)

Updates `google.golang.org/protobuf` from 1.33.0 to 1.34.1

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>

* Squashed 'subtrees/witness/' changes from 74f6c3dcb..47b6e1cc1

47b6e1cc1 chore: bump github.com/spf13/viper from 1.18.2 to 1.19.0 in the all-go-mod group (#462)
3d08ed511 chore: bump the all-gha group with 2 updates (#461)
308aee9db Added generation of SBOM (#451)
f499ffbc7 docs(getting-started): add information about slsa attestor (#456)
b495cf739 fix(install-witness.sh): ensure compatibility with macOS for checksum verification (#459)
fa443884a Adding Signers section to website sidebar (#460)
6ab0464f5 Updating yarn and modifying ignore on netlify toml (#455)
d9733deea chore: bump the all-gha group with 2 updates (#457)
bb49495ad Changed all the broken links (#453)
16beb9e7f chore: bump k8s.io/apimachinery from 0.30.0 to 0.30.1 in the all-go-mod group (#450)
1b286b7a6 chore: bump the all-gha group with 2 updates (#449)
cb6a006bb Updating go-witness to v0.4.0 (#447)
405a64ddd Adding collection concept to docs and fixing code snippet formatting in md (#445)
b951db3fe Fixing CA Path Flag to be used and adding policy timestamp server flag (in-toto#353)
53aa6ade1 chore: bump the all-gha group with 5 updates (#444)
8e1f2fcda Attestor json schema (#443)
d866f90e8 Improving Verify Error Response (#430)
fc4849443 Link & SLSA attestor (in-toto#381)
0cd05b61f feat: Enable Witness Policy verify from Archivista (#438)
3a926efa6 chore: bump the all-gha group with 4 updates (#440)
7ba97fc2c Fixing incorrect error message on Verify (in-toto#350)
fb1519143 chore: bump k8s.io/apimachinery from 0.29.3 to 0.30.0 in the all-go-mod group (#433)
a099009e2 chore: bump the all-gha group with 5 updates (#435)
aa955f000 chore: bump the all-gha group with 4 updates (#434)
58c8f0708 chore: bump golang.org/x/net from 0.21.0 to 0.23.0 in the go_modules group (#432)
406b2bdba chore: bump the all-gha group with 2 updates (#431)

git-subtree-dir: subtrees/witness
git-subtree-split: 47b6e1cc1cdb55b2eb4c5610111514a737ccb4be

* feat: implemented dapr workflow engine and vulnerability scanning in JUDGE

Co-Authored-by: chaosinthecrd <tom@tmlabs.co.uk>

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* Squashed 'subtrees/witness/' changes from 47b6e1cc..f07725e5

f07725e5 refactor: make all run options have shorthand vars (#441)
f5f2ae60 Add logging of passed step if found during policy failure (#454)
54e8d188 fix: temporarily disable omnitrail on windows builds (#467)
f5b0e7b6 Remove Windows Arm64 build until fixed (#466)
c1352bd7 SBOM and Omnitrail Attestor (#464)
460f0401 chore: bump the all-gha group with 3 updates (#463)

git-subtree-dir: subtrees/witness
git-subtree-split: f07725e52356cdfe9bf113b2054521b923aef5d8

* feat(go-witness): add vex attestor

Co-authored-by: Nick Kane <nkane@testifysec.com>

---------

Signed-off-by: Kris Coleman <kriscodeman@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: Mikhail Swift <mswift@mswift.dev>
Co-authored-by: Mikhail Swift <mikhail@testifysec.com>
Co-authored-by: David Lake <dave2008@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Cole <cole@testifysec.com>
Co-authored-by: Nick Kane <nkanedev@gmail.com>
Co-authored-by: John Kjell <john@testifysec.com>
Co-authored-by: Nick Kane <nkane@testifysec.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Generate attestation bundle at verification time (Verification Attestations)
6 participants