fix(pipeline): validate expected commit before passing to git-checkout pipeline #1667
Chainguard Enforce / Enforce - Commit Signing
succeeded
Nov 23, 2024 in 1s
Successfully verified commit signature.
| | CLAIM | DESCRIPTION |
|---|---|---|
| ✅ | Found Git signature | |
| ✅ | Validated Git signature | |
| ✅ | Validated Rekor entry | |
| ✅ | Allowed by policy | |
Details
Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 524007134026811835563565523620506399993013879248 (0x5bc94ae499054199b767de7c63b97b36d5ea41d0)
Signature Algorithm: ECDSA-SHA384
Issuer: O=sigstore.dev,CN=sigstore-intermediate
Validity
Not Before: Nov 22 15:26:15 2024 UTC
Not After : Nov 22 15:36:15 2024 UTC
Subject:
Subject Public Key Info:
Public Key Algorithm: ECDSA
Public-Key: (256 bit)
X:
4d:b0:18:16:58:ec:e8:9a:7b:b7:c9:5d:20:37:37:
05:10:6c:74:be:d9:0b:b1:14:fd:f9:3b:2b:2e:92:
df:b1
Y:
98:6e:85:3c:af:75:0e:dc:38:d0:03:fb:72:a0:03:
a6:af:4e:a2:9f:da:99:8f:87:0e:01:e8:a8:f6:50:
89:79
Curve: P-256
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
X509v3 Subject Key Identifier:
7D:13:35:5B:CE:19:12:23:BA:64:E9:5B:15:CF:DE:32:84:39:8E:71
X509v3 Authority Key Identifier:
keyid:DF:D3:E9:CF:56:24:11:96:F9:A8:D8:E9:28:55:A2:C6:2E:18:64:3F
X509v3 Subject Alternative Name: critical
email:luca.dimaio@chainguard.dev
oidcIssuer:
https://accounts.google.com
Unknown extension 1.3.6.1.4.1.57264.1.8
Signed Certificate Timestamp:
BHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABk1R7HvgAAAQDAEgwRgIhAKkM0eFJubpOrjS1WoxwtcX4dP3LeQ4NcgF11nLKPIBzAiEAuBwaWvVhKIJ2WCk5RAAqP94CRtbE/6x8fsonhBjnYX0=
Signature Algorithm: ECDSA-SHA384
Rekor Entry
{
"integratedTime": 1732289175,
"logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d",
"logIndex": 150810135,
"verification": {
"inclusionProof": {
"checkpoint": "rekor.sigstore.dev - 1193050959916656506\n29122882\np7qvl9UzZ7WdqRWYrqO9Wtuh1ACiZUQXjFNvT9XLBiY=\n\n— rekor.sigstore.dev wNI9ajBEAiBfVQmUFNd1Bs/ui3FGbNssgXXDCq6bEkvfAwjEIJx67gIgEldpb98zUhFu5C+EdrLAz45OSfXsYaNJH64olclI+s8=\n",
"logIndex": 28905873,
"rootHash": "a7baaf97d53367b59da91598aea3bd5adba1d400a26544178c536f4fd5cb0626",
"treeSize": 29122882
},
"signedEntryTimestamp": "MEYCIQC82vbEbpprpfZuwTiKIHdPqU8SPZzPJB5ZIOr86y+fCwIhALEHXKu6M46rhfr6bY9uQTSVeConZ3uotDlK5cJ2GaFE"
}
}