Skip to content

Commit

Permalink
Add KubeCon NA '23 doc
Browse files Browse the repository at this point in the history 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
  • Loading branch information
@marcelamelara
marcelamelara committed Nov 2, 2023
1 parent 509ffca commit 10eb1f7
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 1 deletion.
6 changes: 5 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,15 +32,19 @@ for Python and Go environments.
We encourage you to gain a basic understanding of the [SCAI specification]
before using the scai-generator CLI tools in this repo.

For a full demo of how to use the Go [scai-gen](scai-gen/) tools, read our
[KubeCon NA '23 doc].

## Disclaimer

While the tools in this repo are conformant to the
[in-toto Attestation Framework], they do not generate **authenticated** SCAI
attestations. The example use cases in this repo are only provided for
illustrative purposes.
illustrative purposes, and should not be used in production.

[in-toto Attestation Framework]: https://github.com/in-toto/attestation/tree/main/spec
[intro doc]: docs/intro.md
[KubeCon NA '23]: docs/kubecon-na-23.md
[usage doc]: docs/usage.md
[SCAI specification]: https://github.com/in-toto/attestation/blob/main/spec/predicates/scai.md
[SCAI spec doc]: https://arxiv.org/pdf/2210.05813.pdf
Binary file added docs/images/scai-kubeconNA23-demo.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
45 changes: 45 additions & 0 deletions docs/kubecon-na-23.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# KubeCon NA '23 Demo

As part of the [in-toto Maintainer Track talk] at KubeCon NA '23, we present
a demo of the in-toto Attestation Framework, SCAI, and the in-toto Attestation
Verifier.

## Demo Setup

The overall flow implemented in the demo is as follows:

<img src="./images/scai-kubeconNA23-demo.png" alt="in-toto demo flow" width="600">

This demo setup is implemented using the [scai-gen GitHub Actions] in a Docker
container build [demo workflow] for the Hyperledger Labs Private Data Objects
project.

### Generated Attestations

This demo generates the follow _authenticated_ in-toto attestations:

* [SLSA Provenance] attestation for the container build
* [SCAI Attribute Report] attestation for additional integrity metadata about
the build

These two attestations are signed using cosign OIDC-based keyless signing,
and uploaded to the public Rekor log.

### Additional Tools

This demo makes use of the following additional tools:

* in-toto [attestation-verifier]
* [Anchore SBOM generator] GitHub Action
* [SLSA generic Provenance generator] GitHub Action
* [strace] Linux syscall tracer

[Anchore SBOM generator]: https://github.com/anchore/sbom-action
[attestation-verifier]: https://github.com/in-toto/attestation-verifier
[demo workflow]: https://github.com/marcelamelara/private-data-objects/blob/kubeconNA23-intoto-demo/.github/workflows/kubeconNA23-intoto-demo.yml
[in-toto Maintainer Track talk]: https://kccncna2023.sched.com/event/1R2mx
[SLSA generic Provenance generator]: https://github.com/slsa-framework/slsa-github-generator
[SLSA Provenance]: https://github.com/in-toto/attestation/blob/main/spec/predicates/provenance.md
[SCAI Attribute Report]: https://github.com/in-toto/attestation/blob/main/spec/predicates/scai.md
[scai-gen GitHub Actions]: https://github.com/in-toto/scai-demos/tree/main/.github/actions
[strace]: https://strace.io/

0 comments on commit 10eb1f7

Please # to comment.