Rootconf Mini 2024

Geeking out on systems and security since 2012

Abhimanyu Dhamija

@abhidhamija

GitHub Actions CI Security with BOLT

Submitted Oct 11, 2024

Abstract:
CI systems are the security orchestration centre of the SDLC, but CI itself has become an attack surface, as the SolarWinds and Codecov attacks have shown.

BOLT (https://github.com/koalalab-inc/bolt) is an open-source tool that secures the CI runtime, i.e. the build, against two attack vectors:

  1. Secret exfiltration
  2. Build tampering

BOLT instruments an egress gateway and a set of auditd rules. The egress gateway lets BOLT filter the build's outbound traffic, which is the path a stolen secret has to travel. The auditd rules record file activity in the workspace so that any modification of the checked-out source or the build outputs by an unexpected process can be detected after the fact.
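As an added example (this is not BOLT's code), the following Python shows the detection half of the auditd approach: it groups raw auditd records into events and flags writes into the checkout that a build should never make. It assumes a watch rule such as `-w /home/runner/work -p wa -k src-tamper` was loaded before the build step; the rule key, the workspace path, the tool allowlist and the sample log lines are all constructed for illustration.

```python
"""Flag source/build tampering from auditd records.

Added example, not BOLT's own code. Assumes an auditd watch such as
`-w /home/runner/work -p wa -k src-tamper` was installed before the build
step; the rule key, workspace path and tool allowlist are assumptions.
"""
import re
from collections import defaultdict

WORKSPACE = "/home/runner/work/app/app/"      # assumed checkout directory
PROTECTED = (".git/", ".github/", "src/")     # nothing should write here mid-build
BUILD_TOOLS = {"node", "npm", "tsc"}          # processes allowed to write elsewhere

# Constructed sample: each event is one SYSCALL record plus PATH records that
# share the serial after ':' in msg=audit(...). PARENT entries name the
# directory; the other PATH entry names the file actually written.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1728650001.100:501): arch=c000003e syscall=257 success=yes exit=3 pid=4101 uid=1001 comm="node" exe="/usr/bin/node" key="src-tamper"
type=PATH msg=audit(1728650001.100:501): item=0 name="/home/runner/work/app/app/dist/" nametype=PARENT
type=PATH msg=audit(1728650001.100:501): item=1 name="/home/runner/work/app/app/dist/bundle.js" nametype=CREATE
type=SYSCALL msg=audit(1728650002.200:502): arch=c000003e syscall=257 success=yes exit=4 pid=4230 uid=1001 comm="curl" exe="/usr/bin/curl" key="src-tamper"
type=PATH msg=audit(1728650002.200:502): item=0 name="/home/runner/work/app/app/.github/workflows/" nametype=PARENT
type=PATH msg=audit(1728650002.200:502): item=1 name="/home/runner/work/app/app/.github/workflows/release.yml" nametype=NORMAL
type=SYSCALL msg=audit(1728650003.300:503): arch=c000003e syscall=257 success=yes exit=5 pid=4301 uid=1001 comm="sh" exe="/usr/bin/dash" key="src-tamper"
type=PATH msg=audit(1728650003.300:503): item=1 name="/home/runner/work/app/app/src/index.js" nametype=NORMAL
type=SYSCALL msg=audit(1728650004.400:504): arch=c000003e syscall=257 success=yes exit=3 pid=4402 uid=1001 comm="python3" exe="/usr/bin/python3.12" key="src-tamper"
type=PATH msg=audit(1728650004.400:504): item=1 name="/home/runner/work/app/app/dist/helper.js" nametype=CREATE
type=SYSCALL msg=audit(1728650005.500:505): arch=c000003e syscall=257 success=no exit=-13 pid=4503 uid=1001 comm="vim" exe="/usr/bin/vim.basic" key="src-tamper"
type=PATH msg=audit(1728650005.500:505): item=1 name="/home/runner/work/app/app/src/config.js" nametype=NORMAL
"""

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
_SERIAL = re.compile(r"msg=audit\([\d.]+:(\d+)\)")


def parse_events(log: str) -> dict:
    """Group records by serial into {'syscall': fields, 'paths': [files]}."""
    events = defaultdict(lambda: {"syscall": {}, "paths": []})
    for line in log.splitlines():
        m = _SERIAL.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in _KV.findall(line)}
        ev = events[int(m.group(1))]
        if fields.get("type") == "SYSCALL":
            ev["syscall"] = fields
        elif fields.get("type") == "PATH" and fields.get("nametype") != "PARENT":
            ev["paths"].append(fields["name"])
    return dict(events)


def find_tampering(log: str) -> list:
    """Return (serial, comm, relative_path, reason) for each suspicious write."""
    findings = []
    for serial, ev in sorted(parse_events(log).items()):
        sc = ev["syscall"]
        # Only successful writes caught by our watch rule matter; a denied
        # attempt (success=no) never changed the tree.
        if sc.get("key") != "src-tamper" or sc.get("success") != "yes":
            continue
        comm = sc.get("comm", "?")
        for path in ev["paths"]:
            if not path.startswith(WORKSPACE):
                continue
            rel = path[len(WORKSPACE):]
            if rel.startswith(PROTECTED):
                findings.append((serial, comm, rel, "write to protected path"))
            elif comm not in BUILD_TOOLS:
                findings.append((serial, comm, rel, "write by unexpected process"))
    return findings


if __name__ == "__main__":
    for f in find_tampering(SAMPLE_LOG):
        print("TAMPER serial=%d comm=%s path=%s (%s)" % f)
```

Two design points carry over to any real deployment: correlate on the audit serial rather than on individual lines, because the process identity (SYSCALL) and the file touched (PATH) arrive as separate records, and treat writes to workflow files and `.git/` as findings regardless of which process made them, since a build step that rewrites its own pipeline definition is exactly what a tampering attack looks like.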

Egress filtering has nuances of its own. Outbound traffic from the build system goes to multi-tenant services such as GitHub, DockerHub and JFrog, so a hostname allowlist is not enough: an attacker can exfiltrate secrets to their own repository or registry namespace on a host the build legitimately talks to. The policy must ensure that only trusted tenants on those hosts are reached.

BOLT instruments eBPF probes to perform deep SSL inspection of egress traffic, which exposes the request path that a DNS- or SNI-level filter never sees. Applying destination-aware rules on top of that inspection lets BOLT restrict calls to trusted tenants within multi-tenant systems such as GitHub, DockerHub and JFrog.
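The tenant problem described above, as an added example in Python that is not BOLT's code or policy format: the same set of build requests is evaluated by a host-only filter (all a DNS/SNI filter can decide) and by a destination-aware policy that uses the request path available once the TLS payload has been inspected. The policy table, the tenant extractors, the `acme.jfrog.io` host and the sample requests are assumptions constructed for illustration.

```python
"""Destination-aware egress policy for a CI build.

Added example, not BOLT's own code or policy format. It operates on request
metadata (host and path) that is only visible after TLS inspection; the
tenant extractors, allowlists and sample traffic below are assumptions.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Request:
    method: str
    url: str


def _segments(path: str) -> list:
    return [s for s in path.split("/") if s]


def github_tenant(path: str):
    """github.com/<owner>/<repo>...: the owner is the tenant."""
    segs = _segments(path)
    return segs[0] if segs else None


def github_api_tenant(path: str):
    """api.github.com/repos/<owner>/<repo>/...: only repo routes name a tenant."""
    segs = _segments(path)
    if len(segs) >= 3 and segs[0] == "repos":
        return segs[1]
    return None          # /gists, /user, ...: no tenant, so treated as untrusted


def dockerhub_tenant(path: str):
    """registry-1.docker.io/v2/<namespace>/<repo>/...: namespace is the tenant."""
    segs = _segments(path)
    if len(segs) >= 3 and segs[0] == "v2":
        return segs[1]
    return None


# host -> (tenant extractor, trusted tenants). A None extractor trusts the
# whole host (single-tenant, or tenancy already expressed in the hostname).
POLICY = {
    "github.com": (github_tenant, {"koalalab-inc", "actions"}),
    "api.github.com": (github_api_tenant, {"koalalab-inc"}),
    "registry-1.docker.io": (dockerhub_tenant, {"library"}),
    "auth.docker.io": (None, None),       # registry token endpoint
    "acme.jfrog.io": (None, None),        # assumed host; tenant is the hostname
}


def host_only_allows(req: Request) -> bool:
    """What a DNS/SNI-level filter can decide: host in allowlist or not."""
    return urlsplit(req.url).hostname in POLICY


def tenant_aware_allows(req: Request) -> bool:
    """Decision with the request path available after TLS inspection."""
    u = urlsplit(req.url)
    rule = POLICY.get(u.hostname)
    if rule is None:
        return False
    extractor, tenants = rule
    if extractor is None:
        return True
    tenant = extractor(u.path)
    return tenant is not None and tenant in tenants


# Constructed traffic from a build, including exfiltration attempts that
# hide behind trusted hostnames.
SAMPLE_REQUESTS = [
    Request("GET", "https://github.com/koalalab-inc/bolt.git/info/refs"),
    Request("POST", "https://github.com/evil-org/exfil.git/git-receive-pack"),
    Request("GET", "https://registry-1.docker.io/v2/library/alpine/manifests/3.19"),
    Request("GET", "https://registry-1.docker.io/v2/someone/alpine/manifests/latest"),
    Request("POST", "https://api.github.com/gists"),
    Request("GET", "https://acme.jfrog.io/artifactory/api/npm/npm/lodash"),
    Request("POST", "https://paste.example.net/raw"),
]


def evaluate(requests=SAMPLE_REQUESTS) -> list:
    """Return (url, host_only, tenant_aware) so the two filters can be compared."""
    return [(r.url, host_only_allows(r), tenant_aware_allows(r)) for r in requests]


if __name__ == "__main__":
    for url, host_ok, tenant_ok in evaluate():
        print("%-5s %-5s %s" % (host_ok, tenant_ok, url))
```

Running it shows the gap the talk is about: the host-only filter passes the `git push` to `evil-org`, the pull from an untrusted Docker Hub namespace and the `POST /gists`, because all three hit allowlisted hostnames, while the tenant-aware policy blocks them and still allows the legitimate clone, image pull and artifact fetch. The conservative choice of denying API routes that carry no tenant is deliberate; a policy that allowed them would leave gists and similar write endpoints open as exfiltration channels.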

Takeaways:

  1. Understand the threat vectors in CI systems.
  2. Use BOLT to secure the GitHub Actions CI runtime.
  3. Understand the nuances of egress filtering at build time.
  4. Understand how eBPF-based filtering is instrumented, and how deep SSL inspection can serve other use cases such as deriving minimal token permissions from the API calls a build actually makes.

Audience:

  1. Security engineers who want to understand and implement advanced CI security measures.
  2. Security leadership: CISOs, security directors and managers looking for insight into the nuances of CI/CD security and software supply chain protection.
  3. Cloud architects and platform engineers designing secure cloud infrastructure who need to keep up with CI security and eBPF applications.
  4. The technically curious: anyone with a technical background interested in CI security, eBPF and software supply chain protection, presented in an accessible manner.
