mokkunsuzuki-code/stage240

GitHub: mokkunsuzuki-code/stage240

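Stage240 extends the verification policy for provenance and SBOM attestations from inside CI to an independently executable external gate, enabling third parties to perform reproducible supply chain security verification.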

Stars: 0 | Forks: 0

# Stage240: External Verification Gate

MIT License © 2025 Motohiro Suzuki

## Overview

Stage240 extends verification policy enforcement beyond GitHub Actions.

Stage239 established CI-based verification policy enforcement: builds were accepted or rejected inside CI based on provenance and SBOM attestation checks.

Stage240 goes one step further. This stage introduces an external verification gate so that the same policy can be enforced outside CI.

This means verification is no longer limited to:

- "GitHub Actions says it passed"

It now supports:

- "anyone can independently verify and enforce the same policy"

That is the core value of Stage240.

## Why this stage matters

This stage upgrades the trust model from CI-internal enforcement to externally reproducible enforcement.

### Before

- CI generates attestations
- CI verifies attestations
- CI rejects policy mismatches

### After

- the same verification logic can run outside CI
- third parties can independently enforce the same policy
- trust is no longer bound only to the repository's own workflow

This is an important step toward externally auditable verification.

## Security significance

Stage240 adds three core elements:

1. A policy definition file
2. An external verification CLI
3. An external pass/fail gate

The policy requires:

- provenance attestation
- SBOM attestation
- repository identity match
- signer workflow match
- expected artifact name match
- SPDX 2.3 SBOM predicate

If any of these checks fails, verification fails.

This means the project no longer depends only on CI-internal policy enforcement. The same decision can now be reproduced externally.

## Repository structure

```
.github/workflows/
  slsa-governed-build.yml
  stage240-external-verification.yml
docs/
  external_verification.md
policy/
  policy.yaml
tools/
  build_stage240_artifact.sh
  verify_external_policy.py
out/
  external_verification/
```

## Key files

### policy/policy.yaml

Defines the external verification policy, including:

- required attestation types
- accepted predicate types
- repository identity
- signer workflow identity
- expected artifact name

### tools/build_stage240_artifact.sh

Builds the Stage240 source bundle artifact:

- README.md
- LICENSE
- tools/
- docs/
- .github/
- policy/

This uses an explicit file list to avoid unstable archive behavior.

### tools/verify_external_policy.py

Verifies the artifact outside CI using GitHub attestation verification.

It checks:

- artifact presence
- artifact name
- provenance verification
- SBOM verification
- signer workflow identity
- repository identity

It writes external verification evidence to `out/external_verification/`.

### .github/workflows/slsa-governed-build.yml

Reusable workflow that:

- checks out the repository
- builds the source bundle
- generates the SPDX SBOM
- uploads the artifact and SBOM
- creates provenance attestation
- creates SBOM attestation

### .github/workflows/stage240-external-verification.yml

Main workflow that:

- calls the reusable governed build
- downloads the built artifact
- downloads the SBOM
- runs the external verification CLI
- uploads external verification evidence

## Workflow logic

The Stage240 flow is:

```
Build
  ↓
Generate provenance attestation
  ↓
Generate SBOM attestation
  ↓
Download artifact outside build job
  ↓
Run external verification CLI
  ↓
Pass / Fail
```

More conceptually:

```
Artifact
  ↓
Attestation
  ↓
Independent Verification
  ↓
Policy Enforcement
  ↓
Admission / Rejection
```

## Local usage

You can build the artifact locally:

```
chmod +x tools/build_stage240_artifact.sh
./tools/build_stage240_artifact.sh
```

Then verify it with the external verification tool:

```
python3 tools/verify_external_policy.py stage240-source-bundle.tar.gz
```

## GitHub Actions

The reusable workflow is `slsa-governed-build`.

The main workflow is `stage240-external-verification`.

A successful run means:

- the source bundle was built
- the SBOM was generated
- provenance attestation was created
- SBOM attestation was created
- the external verification CLI validated the artifact
- policy checks passed

## What changed from Stage239

### Stage239

- CI verified attestations
- CI enforced accept/reject decisions

### Stage240

- the same policy logic is exposed as an external verification gate
- third parties can run the same verification independently
- policy enforcement is no longer CI-only

So Stage240 is not just "more verification". It is a shift from:

- CI-only admission control

to:

- independently reproducible policy enforcement

## External review value

For an external reviewer, Stage240 shows that the repository now supports:

- attestation production
- attestation verification
- CI policy enforcement
- external policy reproduction
- independent pass/fail judgment

This is stronger than a repository that only says its own CI passed. It shows that verification logic can be reused outside the original workflow.

## Limitations

Stage240 is a real external verification step, but it is not yet a full multi-party trust framework. For example:

- it still relies on GitHub-hosted attestation retrieval
- it does not yet provide multi-organization trust roots
- it does not yet implement threshold approval
- it does not yet include non-GitHub transparency infrastructure

Still, it is a meaningful advancement from CI-bound verification to externally enforceable verification.

## Conclusion

Stage240 establishes:

- policy definition
- external verification CLI
- external verification evidence
- independent pass/fail judgment outside CI

This stage marks the transition from:

- "CI verifies the build"

to:

- "verification can be enforced independently outside CI"

That is the core achievement of Stage240.

## License

MIT License © 2025 Motohiro Suzuki

See LICENSE for details.
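The fail-closed decision described under "Security significance" can be sketched as follows. This is an added example, not the repository's `tools/verify_external_policy.py`. It assumes attestation signatures have already been verified and reduced to the summary fields shown. The policy shape, the record fields and the signer workflow value are assumptions built from names on this page, not read from `policy/policy.yaml`.

```python
import hashlib

# Predicate type URIs: SLSA v1 provenance and SPDX 2.3 SBOM.
PROVENANCE = "https://slsa.dev/provenance/v1"
SPDX_23 = "https://spdx.dev/Document/v2.3"

# Assumed policy shape; values are built from names on this page, not read
# from the repository's policy/policy.yaml.
REPO = "mokkunsuzuki-code/stage240"
POLICY = {
    "required_predicates": (PROVENANCE, SPDX_23),
    "repository": REPO,
    "signer_workflow": REPO + "/.github/workflows/slsa-governed-build.yml",
    "artifact_name": "stage240-source-bundle.tar.gz",
}

def summary(predicate_type, artifact, repository=REPO,
            signer_workflow=POLICY["signer_workflow"]):
    """Constructed sample: fields kept from an already-verified attestation."""
    return {"predicate_type": predicate_type,
            "subject_sha256": hashlib.sha256(artifact).hexdigest(),
            "repository": repository,
            "signer_workflow": signer_workflow}

def evaluate(artifact_name, artifact, attestations, policy=POLICY):
    """Return (passed, failures); any unmet requirement rejects the artifact."""
    failures = []
    digest = hashlib.sha256(artifact).hexdigest()
    if artifact_name != policy["artifact_name"]:
        failures.append("artifact name mismatch")
    for ptype in policy["required_predicates"]:
        # Consider only attestations bound to this exact artifact digest.
        bound = [a for a in attestations
                 if a.get("predicate_type") == ptype
                 and a.get("subject_sha256") == digest]
        if not bound:
            failures.append(f"missing attestation: {ptype}")
        elif not any(a.get("repository") == policy["repository"] for a in bound):
            failures.append(f"repository mismatch: {ptype}")
        elif not any(a.get("repository") == policy["repository"]
                     and a.get("signer_workflow") == policy["signer_workflow"]
                     for a in bound):
            failures.append(f"signer workflow mismatch: {ptype}")
    return (not failures, failures)

if __name__ == "__main__":
    bundle = b"constructed artifact bytes"
    atts = [summary(PROVENANCE, bundle), summary(SPDX_23, bundle)]
    print(evaluate(POLICY["artifact_name"], bundle, atts))
```

Because attestations are matched on the artifact's SHA-256 digest, a modified bundle fails both predicate checks even when valid attestations for the original bundle are supplied.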
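Tags: CI/CD security, CLI tools, Cutter, DevSecOps, GitHub Actions, Lerna, Python, SBOM, SLSA, SPDX, upstream proxy, code signing verification, reproducible builds, external verification, artifact integrity, data poisoning defense, no backdoors, provenance attestation, hardware-agnostic, third-party audit, policy enforcement, automated notes, software supply chain security, remote method invocation, reverse engineering tools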