June 26, 2025 | Denver, CO

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for OpenSSF Community Day NA 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Daylight Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

Schedule is subject to change.
Type: 20-minute Sessions
Thursday, June 26
 

10:30am MDT

OSPS: All Your Base Are Belong To Us - Christopher Robinson, OpenSSF & Eddie Knight, Sonatype
Thursday June 26, 2025 10:30am - 10:50am MDT
Contributors and maintainers will benefit from increased visibility into changes in the ecosystem, especially as LFX Insights works to display Baseline results for all projects. The baseline is already fully adopted as a project requirement by the OpenSSF TAC, and adoption is underway by the FINOS and CNCF technical oversight committees. Past or present chairs from each of the three bodies are leading contributors to the effort.

End User members will benefit by better understanding the measures that the Linux Foundation is taking to ensure that projects are being held to robust security standards.
Speakers
Eddie Knight

OSPO Lead, Sonatype
Eddie Knight is a Software and Cloud Engineer with a background in banking technology. When he isn’t playing with his 2-year-old son, he combines his passion and job duties by working to improve the security of open source software. Eddie helps lead CNCF's Security Technical Advisory...
Bluebird Ballroom 3B

10:30am MDT

Who Are You Building For: Pipelines Have a Purpose - Andrew McNamara & Julen Landa Alustiza, Red Hat
Thursday June 26, 2025 10:30am - 10:50am MDT
Software is built for a purpose. The same property applies to build platforms!

We will show you how we are leveraging Tekton and Tekton Chains at Red Hat to create a build platform that meets developers where they are at. Developers start with the pipeline defined in their git repository – free for them to modify and update on their terms, with Tekton tasks ready to scan artifacts for vulnerabilities and Renovate pre-configured to help keep dependencies up to date.

This platform helps make sure that the artifacts are going somewhere. Using the detailed SLSA Provenance generated by Tekton Chains, the build platform enables policy-driven development. Developers can see in their PRs whether they are on track to meet the target’s requirements – whether it is pushing to a development or production environment. Gone are the days of saying “I didn’t know I had to do that!”

We won’t send the artifacts just anywhere, however, as we can tailor policies to ensure that you are meeting all of the requirements. The platform can inspect the provenance to ensure that artifacts are built using trusted steps and all required checks are good for takeoff!
Speakers
Andrew McNamara

Engineer, Red Hat
Andrew McNamara is passionate about usable CI/CD, security, and DevSecOps, drawing from his experience of building and shipping containerized software at IBM and Red Hat. As a SLSA maintainer, Andrew is helping people identify how to approach and understand supply chain security...

Julen Landa Alustiza

Ansible Delivery Pipelines Architect, Red Hat
I am an Open Source enthusiast currently working for Red Hat as Ansible Delivery Pipelines technical lead.
Bluebird Ballroom 3A

11:25am MDT

Living Off the Pipeline: From Supply Chain 0-Days To Predicting the Next XZ-like Attacks - François Proulx, BoostSecurity.io
Thursday June 26, 2025 11:25am - 11:45am MDT
The next wave of Supply Chain attacks is brewing in our Build Pipelines (CI/CD), where 0-days and novel attack paths are still waiting to be discovered. In 2024, the XZ compression library compromise was used as a trojan horse to backdoor OpenSSH. It was caught early on; next time it might go unnoticed.

We tell the story of how we went from finding 0-day vulnerabilities in the Build Pipelines of critical Open Source packages to predicting TTPs for the next XZ-like attacks, adapting MITRE's ATT&CK for CI/CD. We'll go in depth on how Threat Actors can "Live Off the Pipeline" by abusing legitimate build tools to do their bidding.

We introduce practical methods for predicting and identifying threats, by mapping build pipeline tactics to our ATT&CK model. Case studies, based on forensics of recent supply chain compromises, will demonstrate how adversaries exploit build pipelines, escalate privileges, and can remain undetected long enough to have significant impact.

This session empowers attendees to proactively identify and defend against advanced supply chain attacks, effectively countering adversaries that seek to "Live Off the Pipeline" as demonstrated in the XZ compromise.
Speakers
François Proulx

Senior Product Security Engineer, BoostSecurity.io
François is a Senior Product Security Engineer for BoostSecurity, where he leads the Supply Chain research team. With over 10 years of experience in building AppSec programs for large corporations (such as Intel) and small startups he has been in the heat of the action as the DevSecOps...
Bluebird Ballroom 3A

2:15pm MDT

Shadow Vulnerabilities in AI/ML Data Stacks - What You Don’t Know CAN Hurt You - Mic McCully, Oligo Security
Thursday June 26, 2025 2:15pm - 2:35pm MDT
Open-source AI software introduces a new family of vulnerabilities to organizations. Some components in AI, like model serving, include Remote Code Execution (RCE) by design, like when loading pre-trained models from external sources.

This talk will examine some of the common security anti-patterns prevalent in AI engineering, such as security issues that are not classified as CVEs by design, or patched security issues that introduce breaking changes and therefore are not practically implemented. We’ll review the methods introduced for better security hygiene such as new checkpoint formats (model files on disk) - like SavedModel and SafeTensors.

While SCA, SAST, and traditional approaches don't analyze model checkpoints, leaving these silent vulnerabilities in your stacks, we’ll demo, through real code examples, why the runtime context is crucial to detecting these security issues, and how this can be achieved by leveraging eBPF and open source tooling.
Speakers
Mic McCully

Field CTO, Oligo Security
Mic is an experienced senior security advocate who has spent his career evangelizing security software as a business enablement solution in some of the earliest security startups, as well as in significant positions within leading global security software enterprises. His security...
Bluebird Ballroom 3B

2:15pm MDT

SLSA Dependency Track Update - Meder Kydyraliev, Google & Adrian Diglio, Microsoft
Thursday June 26, 2025 2:15pm - 2:35pm MDT
A status update on the SLSA Dependency Track from the members of the working group. In the update we'll outline the objectives we are trying to achieve with the dependency track, highlight some of the challenges and the next steps.
Speakers
Meder Kydyraliev

GOSST, Google
Meder is a lead on the Google Open Source Security Team where he drives initiatives to secure all aspects of the open source software supply chain, including secure dependency management practices, vulnerability management, artifact integrity and policy enforcement.

Adrian Diglio

Secure Software Supply Chain, Microsoft
Adrian Diglio leads the Secure Software Supply Chain (S3C) team that secures Microsoft's end-to-end software supply chain. He leads Microsoft's SBOM efforts and published and contributed the Secure Supply Chain Consumption Framework (S2C2F) to the OpenSSF. He is an inventor, conference...
Bluebird Ballroom 3A

3:10pm MDT

Enhancing Supply Chain Security: Integrating Zarf and GUAC for Seamless SBOM Generation and Delivery - Brandt Keller, Defense Unicorns
Thursday June 26, 2025 3:10pm - 3:30pm MDT
Software supply chain security is a critical concern for organizations operating in both connected and disconnected environments. The OpenSSF projects Zarf and GUAC (Graph for Understanding Artifact Composition) provide complementary capabilities to enhance security and transparency. Zarf enables the secure packaging and deployment of software in connected or disconnected environments, while GUAC aggregates and contextualizes Software Bill of Materials (SBOMs) to improve software provenance and risk assessment.

This talk will explore how integrating Zarf and GUAC can streamline SBOM generation, verification, and delivery across connected and disconnected environments. We will demonstrate how this integration facilitates:
- Secure SBOM packaging and transport with Zarf.
- Automated SBOM generation and enrichment using GUAC.
- Improved traceability and risk assessment in airgapped environments.

Attendees will gain practical insights into leveraging these OpenSSF projects to strengthen their supply chain security posture and meet emerging compliance requirements.
Speakers
Brandt Keller

OSS Maintainer, Defense Unicorns
Brandt is a Software Engineer with a passion for Open Source. As a Maintainer and Contributor to multiple Open Source projects, he finds distinct pleasure in solving difficult problems and being a voice for Critical - Regulated - and Air-Gapped environments (most often all of the...
Bluebird Ballroom 3B

3:10pm MDT

Harnessing In-toto Attestations for Security and Compliance With Next-gen Policies - Marcela Melara, Intel Labs & Trishank Kuppusamy, Datadog
Thursday June 26, 2025 3:10pm - 3:30pm MDT
U.S. executive orders 14028 and 14144 are driving greater adoption of supply chain security and transparency. The in-toto framework, a widely-deployed CNCF project, provides tools and data formats for generating and verifying authenticated supply chain metadata such as SBOMs and SLSA Build Provenance. in-toto plays a central role in enabling vendors to comply with regulations, but consumers and auditors still face challenges defining intuitive policies that allow them to derive meaning from existing attestations.

This session will present ongoing work on in-toto policies, where the community has been (re)defining policy specification and artifact verification for a rapidly evolving supply chain ecosystem. It starts with a brief introduction to the in-toto Attestation Framework, which is a standard way to describe supply chain data. This will be followed by sharing how the previous version of in-toto policies was unfortunately incompatible with new attestation formats. It concludes by demoing in-toto’s new policy framework that not only links attestations but also does so in more powerful, flexible, and user-friendly ways that accommodate a wide variety of real-world use cases.
Speakers
Marcela Melara

Research Scientist, Intel Labs
Marcela Melara is a research scientist in the Security and Privacy Research group at Intel Labs. Her current work focuses on developing solutions for high-integrity software and AI supply chains. She leads a number of internal, academic and open-source projects on supply chain and...
Bluebird Ballroom 3A