Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lukasjhan/anti-supply-chain-attack-build-system
Last synced: 12 days ago
- Host: GitHub
- URL: https://github.com/lukasjhan/anti-supply-chain-attack-build-system
- Owner: lukasjhan
- Created: 2023-04-30T08:12:38.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2023-04-30T08:12:59.000Z (over 1 year ago)
- Last Synced: 2024-10-24T08:52:35.668Z (2 months ago)
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Supply chain attack prevention system
## ABSTRACT
Modern software development keeps getting faster, so we cannot closely inspect every part of the development process. The source code, the build system and the code-signing certificate are all under serious threat.
## IDEA & CORE PRINCIPLE
The key part of this idea is integrity. We must secure the integrity of the source code and of the build system. We must also keep our code-signing certificate from being taken.
* The source code and the build system must be controlled with a VCS so that changes can be monitored (Git, Docker).
* The build system must be disposable (once the build is done, the build system must be destroyed).
* The code-signing certificate must be stored in a USB security token (never on computer storage).
## Release Build Process
1. A virtual image starts and clones the source code from the VCS.
2. After the source code has been fetched, the network is disabled.
3. The USB security token is inserted, and only the virtual image can access it.
4. When the build is done, the output is saved to storage, the virtual build system is destroyed and the USB security token is removed from the computer.
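The four steps above, written out as an added shell example that is not part of this project: the script assumes `git` and `docker` on the host, a prebuilt build image (hypothetical name `release-builder:latest`) whose `/src/build.sh` writes artifacts to `/out` and whose `/src/sign.sh` signs them with the token, and placeholder values for the repository URL and the pinned commit. The checks worth keeping are the ones that refuse to build anything other than the reviewed, pinned commit, and the container flags that remove the build environment and its network access.

```shell
#!/bin/sh
# Added example, not the project's own code: a disposable, network-isolated
# release build following the README's four steps. Assumes git and docker on
# the host and a hypothetical build image "release-builder:latest".
set -eu

# Placeholder values; real ones belong in version-controlled configuration.
REPO_URL="${REPO_URL:-https://example.invalid/project.git}"
PINNED_COMMIT="${PINNED_COMMIT:-0000000000000000000000000000000000000000}"
BUILD_IMAGE="${BUILD_IMAGE:-release-builder:latest}"
TOKEN_DEVICE="${TOKEN_DEVICE:-/dev/bus/usb}"   # where the USB token appears

# Step 1 gate: the build must be of the full 40-hex SHA-1 that was reviewed
# and pinned, and the checkout must actually be at it. Returns 0 when both
# hold; branch names, tags, short hashes and uppercase hex are rejected.
verify_pinned_commit() {
    expected="$1"
    actual="$2"
    case "$expected" in
        "" | *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 1
    [ "$expected" = "$actual" ]
}

# Isolation flags shared by every container: deleted on exit (step 4),
# no network (step 2), read-only root filesystem with a scratch /tmp.
isolation_flags() {
    printf '%s' "--rm --network none --read-only --tmpfs /tmp"
}

run_release_build() {
    workdir="$(mktemp -d)"
    trap 'rm -rf "$workdir"' EXIT

    # Step 1: fetch the source from the VCS and pin it to the reviewed commit.
    git clone --quiet "$REPO_URL" "$workdir/src"
    git -C "$workdir/src" checkout --quiet "$PINNED_COMMIT"
    actual="$(git -C "$workdir/src" rev-parse HEAD)"
    verify_pinned_commit "$PINNED_COMMIT" "$actual" || {
        echo "refusing to build: HEAD $actual is not pinned commit $PINNED_COMMIT" >&2
        return 1
    }
    mkdir -p "$workdir/out"

    # Steps 2 and 4: build offline in a throwaway container; the source tree
    # is mounted read-only so the build cannot modify it.
    # shellcheck disable=SC2046  (word-splitting of the flags is intended)
    docker run $(isolation_flags) \
        -v "$workdir/src:/src:ro" -v "$workdir/out:/out" \
        "$BUILD_IMAGE" /src/build.sh

    # Step 3: only the signing container is given the token device, and it
    # still has no network. The token never touches host storage.
    docker run $(isolation_flags) --device "$TOKEN_DEVICE" \
        -v "$workdir/src:/src:ro" -v "$workdir/out:/out" \
        "$BUILD_IMAGE" /src/sign.sh

    # Step 4: keep only the signed output; the trap removes the workdir.
    cp -R "$workdir/out" "./release-$PINNED_COMMIT"
    echo "release written to ./release-$PINNED_COMMIT"
}

# Run only when invoked explicitly, so the functions can be sourced/tested.
if [ "${1:-}" = "run" ]; then
    run_release_build
fi
```

Invoke as `REPO_URL=... PINNED_COMMIT=<40-hex sha> ./release-build.sh run`. The pin is compared against `git rev-parse HEAD` after checkout rather than trusted from the clone, so a mirror or branch that has moved since review fails the build instead of silently producing a different artifact.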