slsa-github-generator

Replace the builder-fetch.sh script with a better programming language

Open laurentsimon opened this issue 3 years ago • 0 comments
As part of https://github.com/slsa-framework/slsa-github-generator/pull/86, I used a script to download the builder's binary. We should use another programming language's code instead, to avoid trusting the gh CLI binary and to make the code more readable. Maybe TypeScript is an option, and we can encapsulate it into a GH Action.

I think it's fine to have reliance on this binary for the first release, since it's an official GitHub project https://cli.github.com/

Please chime in if you think otherwise.

laurentsimon, May 24 '22 23:05