laurentsimon
This is something @asraa proposed in the past but I'm not able to find the issue, so creating this one. We currently hardcode builders. It's fine to have a pre-defined...
To make the verifier accessible to everyone easily, we could have a REST/gRPC API to verify as a service. Possible use cases: - OSSF or another org runs a verifier...
I use the term "raw signer" as per the description in https://github.com/sigstore/model-transparency/issues/172. This was discussed in the SIG 12 June 24. We'd like to have raw signer instantiations for: -...
We'd like to have benchmarking scripts to improve on the current shell https://github.com/sigstore/model-transparency/blob/main/model_signing/benchmarks/run.sh We welcome contributions; this is a really important piece to be able to compare various signing options...
This is a meta issue listing all features we eventually want to support:
- [ ] https://github.com/sigstore/model-transparency/issues/203
- [ ] https://github.com/sigstore/model-transparency/issues/205
This would require a URL (+ optionally an expected identity?) to be configured
We use hard-coded runner labels during workflow verification. We should try to retrieve them dynamically when the program starts
Certain checks, like branch protection, won't be available if the repo owners use the default token. In this case, we may need to supplement the results with the result of...
We need to test what happens if we receive results for scorecard on a PR branch. We should refuse these requests on the server. (I think it's already taken care...
Check the last post on https://stackoverflow.com/questions/58482655/what-is-the-closest-to-npm-ci-in-yarn. It seems to be `yarn install --immutable --immutable-cache --check-cache` according to https://yarnpkg.com/cli/install. I've not looked further.