
Verifiable eBPF Traces for Supply Chain Artifacts with Witness and Tetragon

2022-10-24

Authors: Cole Kennedy


Summary

Witness is an open-source project that allows software producers to make and verify attestations about the software they produce, making it easy to produce verifiable evidence for software builds. Archivist is a platform that stores these attestations. The goal is to automate pipeline compliance and ensure that the build materials that are expected to go into the build actually do go into that build.
  • Witness implements the in-toto specification and allows software producers to make and verify attestations about the software they produce
  • It has integrations with open-source projects such as Sigstore, SPIRE, GitHub, and GitLab
  • It supports both containerized and non-containerized workloads
SolarWinds had a bad time when their build system was compromised: they were shipping signed artifacts that their customers trusted, and those artifacts had malicious code inserted into them. Their build system was compromised to the point where an agent running on it watched for every compilation to kick off, looked for a specific source file, and replaced it with its own version, thereby injecting the Trojan. There is no way to tell, by inspecting the resulting artifact, that this happened. Witness aims to prevent this kind of situation by ensuring that the build materials that are expected to go into the build actually do go into that build.
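As an added illustration of the material check described above (example code written for this page, not Witness's own implementation), the function below compares the materials recorded in an attestation against the digests a policy author pinned and reports any substituted, missing or unexpected input. The attestation is a constructed, simplified in-toto Statement; the `materials` key inside the predicate is an assumption, not Witness's actual predicate schema.

```python
import hashlib
import json

# Constructed expected inputs: path -> pinned sha256 hex digest.
EXPECTED_MATERIALS = {
    "src/main.c": hashlib.sha256(b"int main(void){return 0;}\n").hexdigest(),
    "toolchain/cc1": hashlib.sha256(b"genuine compiler backend").hexdigest(),
}


def build_attestation(materials: dict) -> str:
    """Serialize a simplified in-toto Statement recording observed materials.

    The subject digest and predicateType are constructed placeholders; the
    'materials' layout in the predicate is an assumption for this example.
    """
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "subject": [{"name": "app", "digest": {"sha256": "0" * 64}}],
        "predicateType": "https://example.invalid/materials/v0",
        "predicate": {
            "materials": [
                {"name": name, "digest": {"sha256": digest}}
                for name, digest in materials.items()
            ]
        },
    }
    return json.dumps(statement)


def check_materials(attestation_json: str, expected: dict) -> list:
    """Return findings; an empty list means every expected material was
    consumed with its pinned digest and nothing unexpected was consumed."""
    stmt = json.loads(attestation_json)
    observed = {
        m["name"]: m["digest"]["sha256"] for m in stmt["predicate"]["materials"]
    }
    findings = []
    for name, digest in expected.items():
        if name not in observed:
            findings.append(f"missing material: {name}")
        elif observed[name] != digest:
            # A swapped file (e.g. a replaced compiler component) lands here.
            findings.append(f"digest mismatch: {name}")
    for name in sorted(observed.keys() - expected.keys()):
        findings.append(f"unexpected material: {name}")
    return findings
```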

Abstract

Until now, validating the build environment and detecting tampered tooling in a build has been very difficult. This talk will show how the Cilium Tetragon and Witness integration simplifies this process for developers and security engineers. Witness is a framework for supply chain security that implements the in-toto specification. It has a modular design that is easily extendable with various attestors, backends, and key providers (including SPIFFE/SPIRE). This talk will show an attestation plugin that programs Cilium Tetragon to provide detailed eBPF traces of a build step. Additionally, we will create a build policy that verifies the trace and blocks the execution of a workload compiled by a malicious compiler when that workload is executed.

Materials:
