Kubernetes has standardised on the Linux Foundation’s free software signing service, “sigstore”, to protect against supply chain attacks. sigstore, first released in March 2021, includes a number of signing, verification and provenance techniques that let developers securely sign software artifacts such as release files, container images and binaries with signatures stored in a tamper-proof public log. The service is free to use and designed to help prevent what are increasingly regular and sophisticated upstream software supply chain attacks.
sigstore’s founders include Red Hat, Google and Purdue University. Its adoption by Kubernetes — one of the world’s most active open source communities, with close to six million developers (a huge number given that CNCF data from December 2021 suggests that there are 6.8 million cloud native developers in total)– is a significant vote of trust in the standard for verifying software components. (nb The Linux Foundation hosts both sigstore and Kubernetes, as well as Linux, Node.js and a host of other ubiquitous critical software projects.)
Kubernetes 1.24 — released May 3 — and all future releases will now include cryptographically signed sigstore certificates, giving its developer community the ability to verify signatures and “have greater confidence in the origin of each and every deployed Kubernetes binary, source code bundle and container image”.
Few open source projects currently cryptographically sign software release artifacts, something largely due, the Linux Foundation suggested on sigstore’s launch back in March 2021, to the “challenges software maintainers face on key management, key compromise / revocation and the distribution of public keys and artifact digests.”
The move by Kubernetes’ maintainers comes as supply chain attacks escalated 650% in 2021. The Kubernetes team in early 2021 began exploring SLSA compliance to improve Kubernetes software supply chain security, explaining that sigstore was a “key project in achieving SLSA level 2 status and getting a head start towards achieving SLSA level 3 compliance, which the Kubernetes community expects to reach this August …”
(SLSA is a set of standards and technical controls that provide a a step-by-step guide to preventing software artifacts being tampered with, tampered artifacts from being used, and at the higher levels, hardening up the platforms that make up a supply chain. It was introduced by Google as a standard in June 2021.)
Kubernetes on sigstore
Dan Lorenc, original co-creator of sigstore while at Google (and presently CEO / co-founder of Chainguard) told The Stack that the sigstore General Availability (GA) production release is due out this Summer.
“This means enterprises and open source communities will benefit from stable APIs and production grade stable services for artifact signing and verification. This is being made possible thanks to the dedicated sigstore open source community, which has fixed major bugs and added key features in both services over the past few months. Sponsors like Google, RedHat, HPE and Chainguard provided funding that allowed us to stabilize infrastructure and perform a third-party security audit” he said, adding: ” Many programming language communities are working towards Sigstore adoption and the Sigstore community is working closely with them. We just announced a new Python client for PyPI and are hoping to extend this to other ecosystems like Maven Central and RubyGems.”
In terms of broader enterprise adoption (likely to accelerate when it is GA) he said in an emailed Q&A that “a number of enterprises have already adopted Sigstore and are using it for signing and verifying both open and closed software. Notably the Department of Defense Platform One team has implemented Sigstore signatures into the IronBank container hardening platform which means they can verify container images, SBOMS and attestations.
sigstore’s “keyless” signing has raised some concernst that it could make revocation harder but that’s not the case, he added, telling The Stack: “No, in fact the opposite is true! While it is true that the signatures on software are stored forever, software verification using Sigstore does support artifact revocation. Further, Sigstore allows after-the-fact auditing to help organizations understand the extent of a compromise, and Sigstore makes discovering compromises in the first place easier by posting signatures on a transparency log. The Sigstore community recently published ‘Don’t Panic: A Playbook for Handling Account Compromise with Sigstore’ with more details on this…”
In terms of policy automation or vendor services support for sigstore, Lorenc as a co-creator had understandably got in early. His company’s Chainguard Enforce, announced last week, is the “first tool with native support for modern ‘keyless’ software signing using the Sigstore open source standard” he said, adding that the product will give “CISOs the ability to audit and enforce policies around software signing for the code they use.”
sigstore’s release had met with genuine appreciation across the community in 2021, with Santiago Torres-Arias, Assistant Professor of Electrical and Computer Engineering, University of Purdue noting that “the software ecosystem is in dire need of something like it to report the state of the supply chain. I envision that, with sigstore answering all the questions about software sources and ownership, we can start asking the questions regarding software destinations, consumers, compliance (legal and otherwise), to identify criminal networks and secure critical software infrastructure. This will set a new tone in the software supply chain security conversation.”
“It’s great to see adoption of sigstore, especially with a project such as Kubernetes which runs many critical workloads that need the utmost protection,” said Luke Hinds, Security Engineering Lead at Red Hat, CTO & Member of the Kubernetes Security Response Team & Founder of the sigstore Project in a May 3 release.
“Kubernetes is a well known and widely adopted open source project and can inspire other open source projects to improve their software supply chain security by following SLSA levels and signing with sigstore,” added Bob Callaway, Staff Software Engineer at Google, sigstore TSC member and project founder.
He noted: “We built sigstore to be easy, free and seamless so that it would be massively adopted and protect us all from supply chain attacks. Kubernetes choice to use sigstore is a testament to that work.”
Security firm BlueVoyant earlier in 2021 noted after a survey of 1,500 CISOs, CIOs, and CPOs from the US, UK, Singapore, Switzerland and Mexico) that 77% had “limited visibility around their third-party vendors” (let alone the components they were using) and 80% having suffered a third-party related breach.”
Users can find out how sigstore works in more detail here.