SalsaGate

Project Overview

Modern software delivery relies on complex CI/CD pipelines, but recent supply-chain attacks (e.g., SolarWinds, Codecov) show how easily those pipelines can be tampered with. These attacks target the software supply chain, exploiting insecure build steps, compromised dependencies, and unauthorized modifications to artifacts. For security teams, this creates a critical challenge: ensuring that what is deployed to production is exactly what was built, reviewed, and approved. Existing integrity-verification tools are fragmented, difficult to integrate, and often fail to provide end-to-end security guarantees across the build and deployment lifecycle.

Our Solution

SalsaGate is a CI/CD tamper-detection framework that enhances the security of software supply chains by automatically generating and verifying build provenance. It combines SLSA-inspired security controls with Sigstore signing and transparency logs, making it extremely difficult for attackers to introduce malicious changes into the build process without detection. By validating the authenticity and integrity of build artifacts, SalsaGate directly strengthens an organization’s DevSecOps posture and reduces the risk of compromised builds being deployed.

How It Works

SalsaGate integrates with existing pipelines to capture critical metadata for each build including source commits, build environments, dependencies, container images, and deployment targets. It produces cryptographically signed security attestations that bind artifacts to trusted build steps. During promotion or deployment, SalsaGate verifies these attestations against organizational security policies.

If anything has been modified outside the trusted CI/CD workflow such as a manually patched container, a bypassed approval stage, or a build executed on an untrusted machine. SalsaGate immediately flags the event and can block deployment, reducing the risk of security breaches caused by tampering or insider threat.

Implementation & Evaluation

Our prototype is implemented using GitHub Actions, Docker container images, and Sigstore tooling (Cosign and Rekor) for signing and verification. We simulated realistic supply-chain attack scenarios including unauthorized artifact modification and manipulated build steps to evaluate SalsaGate’s ability to detect and surface these anomalies for security and engineering teams.
We also assessed usability and integration complexity to ensure the framework introduces minimal friction into existing DevSecOps workflows.

Impact & Future Work

SalsaGate demonstrates how DevSecOps teams can incorporate provenance verification, artifact integrity checks, and tamper-detection mechanisms into their pipelines with minimal disruption.

Future work includes richer policy rules, support for additional CI/CD platforms and artifact types, deeper integration with organizational security tooling and incident response processes, and incorporation of AI-driven anomaly detection and policy recommendations for more adaptive and intelligent supply-chain security.