SOSS Fusion 2024

Most of us trust Git’s security features—signed commits and tags, strict access controls, and robust verification processes—to protect our codebases, even if the Git host is compromised. We rely on practices like ensuring merge commits are signed by trusted authorities, requiring feature branch commits to come from a single user, and having multiple users with appropriate authority levels verify each merge.

But what if I told you that a malicious attacker could still introduce harmful code into a repository, manipulate signed tags, and roll back patches—all without breaking a single signature or triggering any alarms?

In this talk, we will demonstrate how easily an attacker can execute these malicious actions, bypassing all the supposed security measures. You’ll witness firsthand how undetectable these changes can be, highlighting a critical and often overlooked vulnerability in Git.

We will also introduce gittuf, an up-and-coming tool from the OpenSSF project that can mitigate these risks with a decentralized key management permission-based verification system.