Developer Trust
DAST
Framework
https://scrapbox.io/files/6124fdc010c52700237181cc.png
Identity
sigstore
code:bash
# generate key
$ export AWS_REGION=ap-northeast-1
$ cosign generate-key-pair -kms awskms:///alias/foo
$ cosign sign -key awskms:///alias/foo 318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot:a0b9e48
Pushing signature to: 318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot:sha256-2300103515a0a044da8f66a1a798fb202d2a4ad5224118aa876f59660f74282c.sig
$ cosign verify -key awskms:///alias/foo 318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot:a0b9e48
Verification for 318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot:a0b9e48 --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- The signatures were verified against the specified public key
- Any certificates were verified against the Fulcio roots.
{"critical":{"identity":{"docker-reference":"318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot"},"image":{"docker-manifest-digest":"sha256:2300103515a0a044da8f66a1a798fb202d2a4ad5224118aa876f59660f74282c"},"type":"cosign container image signature"},"optional":null}
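The JSON line that `cosign verify` prints is the signed claims payload: the repository the signature was made for and the manifest digest it covers. An added example (not from this page or the sigstore project) that parses that payload and checks it against the reference about to be deployed; `split_reference`, `check_claims` and the rule that the deploy reference must be digest-pinned are this example's own assumptions, while the sample payload is the one shown above.

```python
import json

# Claims payload exactly as printed by `cosign verify` above (copied from the session).
SAMPLE_PAYLOAD = (
    '{"critical":{"identity":{"docker-reference":'
    '"318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot"},'
    '"image":{"docker-manifest-digest":'
    '"sha256:2300103515a0a044da8f66a1a798fb202d2a4ad5224118aa876f59660f74282c"},'
    '"type":"cosign container image signature"},"optional":null}'
)

# Type string cosign puts in the payload for container image signatures.
COSIGN_SIG_TYPE = "cosign container image signature"


def split_reference(ref):
    """Split 'repo[:tag][@sha256:digest]' into (repo, tag, digest).

    Hypothetical helper: a ':' after the last '/' is a tag, a ':' before it
    belongs to a registry port (e.g. localhost:5000/foo).
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = None
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        ref, tag = ref[:colon], ref[colon + 1:]
    return ref, tag, digest


def check_claims(payload_json, deploy_ref):
    """Return a list of problems; an empty list means the payload vouches for deploy_ref.

    Assumed policy: the reference that gets deployed must be pinned by digest,
    because a tag can later be moved to an image the signature never covered.
    """
    problems = []
    try:
        payload = json.loads(payload_json)
    except json.JSONDecodeError as exc:
        return [f"payload is not JSON: {exc}"]

    critical = payload.get("critical") or {}
    if critical.get("type") != COSIGN_SIG_TYPE:
        problems.append(f"unexpected signature type: {critical.get('type')!r}")

    signed_repo = (critical.get("identity") or {}).get("docker-reference")
    signed_digest = (critical.get("image") or {}).get("docker-manifest-digest")

    repo, _tag, digest = split_reference(deploy_ref)
    if signed_repo != repo:
        problems.append(f"signature is for {signed_repo!r}, not {repo!r}")
    if digest is None:
        problems.append("deploy reference is not pinned by digest")
    elif digest != signed_digest:
        problems.append(f"signed digest {signed_digest!r} != deploy digest {digest!r}")
    return problems


if __name__ == "__main__":
    pinned = (
        "318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot"
        "@sha256:2300103515a0a044da8f66a1a798fb202d2a4ad5224118aa876f59660f74282c"
    )
    print(check_claims(SAMPLE_PAYLOAD, pinned))                 # []
    print(check_claims(SAMPLE_PAYLOAD, pinned.split("@")[0] + ":a0b9e48"))
```

Running it against the tag `:a0b9e48` from the session reports only that the reference is not digest-pinned; against the `@sha256:...` form it returns no problems, which is the form a deployment manifest should carry once verification has passed.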
https://scrapbox.io/files/611aafeed7b546001da18fc1.png
code:bash
% cosign upload blob -f artifact 318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot
Uploaded image to:
318589095934.dkr.ecr.ap-northeast-1.amazonaws.com/shanai-benri-slack-bot@sha256:35326217eabd558d799f767dd4cb5101726546121c9ee6c8742cce13e3d61370
Dependencies
Don't know
Local development
Repository
OS security health
https://scrapbox.io/files/611e8a0cbe8043002054fbe4.png
GitHub App
On the Organization
Branch protection
Apply to the default branch, require approvals, number of approvals, opening PRs, block force pushes
Binary artifacts
Outside collaborators
Whether they can push, whether they can hold admin rights
Security
Opted in by default, but opting out is recommended
runtime
https://gyazo.com/b3beee8166e4b973984fa2a93b57d227
https://www.youtube.com/watch?v=WiFCurWIMZY&list=PLLNq9CBV7AFwyRzICyCRKdcsAPAlG5bPu&index=12
https://gyazo.com/6413dc8ff079f07123201755cf0ce0dc
https://gyazo.com/aab9ac5f98507501b848bb2f7adcc8cb
https://gyazo.com/b7e702be8cf1000cf78daea4f36bc10b
https://www.youtube.com/watch?v=G-L8Ovsonok
https://gyazo.com/077ff6bd8e1f10cadaea914663bc3927