slsa-github-generator icon indicating copy to clipboard operation
slsa-github-generator copied to clipboard

Published 20 hours ago verified publisher icon slsa-framework

[feature] Add `source:URI` under externalParameters

Open laurentsimon opened this issue 2 years ago • 10 comments
trafficstars

We need to add source for our BYOB builders.

In https://slsa.dev/provenance/v1 "Migrating from 0.2":

"source": old.invocation.configSource.uri,

which seems to indicate that source is a URI of type string.

In https://github.com/slsa-framework/slsa-verifier/pull/621, the "source" field is currently treated as a resourceDescriptor.

@asraa @ianlewis wdut?

laurentsimon avatar May 27 '23 02:05 laurentsimon