slsa-github-generator
Language-agnostic SLSA provenance generation for Github Actions
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator) | require | patch | `v1.2.0` -> `v1.2.1` |

---...
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@types/node](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node) ([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped)) | [`16.11.64` -> `16.11.68`](https://renovatebot.com/diffs/npm/@types%2fnode/16.11.64/16.11.68) |...
Repo: https://github.com/slsa-framework/example-package/tree/v15.0.14
Run: https://github.com/slsa-framework/example-package/actions/runs/3295561860
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.go.tag.branch1.config-ldflags-assets.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.go.tag.branch1.config-ldflags-assets.slsa3.yml
Trigger: push
Branch: v15.0.14
Date: Fri Oct 21 07:30:12 UTC 2022
Repo: https://github.com/slsa-framework/example-package/tree/v23.0.126
Run: https://github.com/slsa-framework/example-package/actions/runs/3286950173
Workflow file: https://github.com/slsa-framework/example-package/tree/main/.github/workflows/e2e.go.release.main.config-ldflags-assets-tag.slsa3.yml
Workflow runs: https://github.com/slsa-framework/example-package/actions/workflows/e2e.go.release.main.config-ldflags-assets-tag.slsa3.yml
Trigger: release
Branch: v23.0.126
Date: Thu Oct 20 05:06:42 UTC 2022
We need one e2e test for https://github.com/slsa-framework/slsa-github-generator/issues/880, i.e. to verify that a malicious artifact cannot overwrite the builder repo. Let's start with pre-submits. It should be possible to check for:...
**Describe the bug** Add a description and link to it in the RELEASE.md for how to generate verifier CLI tests when publishing new builders that release the container workflow. See...
A few internal Actions need to be called with their fully-qualified name: `slsa-framework/slsa-github-generator/.github/actions/[email protected]`. We need to ensure they use the same tag as the release tag for consistency. The...
Updates #617 Signed-off-by: Ian Lewis
Add a simple pre-submit that prevents inclusion of private keys or GitHub PAT tokens.
This message pops up when running unit tests.

```
github/oidc_test.go:237:10: second argument to errors.As should not be *error
```