go-tuf icon indicating copy to clipboard operation
go-tuf copied to clipboard

Published 20 hours ago verified publisher icon theupdateframework

Add SLSA provenance

Open udf2457 opened this issue 1 year ago • 1 comments

Please add SLSA provenance to your releases.

It is quick and easy to do on on Github:

https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator

Background info: https://docs.sigstore.dev/signing/overview/

udf2457 avatar Apr 24 '24 17:04 udf2457

With the new Artifact Attestation support from GitHub this should be fairly trivial to add. I can take a look on this.

kommendorkapten avatar May 07 '24 15:05 kommendorkapten