slsa-github-generator
slsa-github-generator copied to clipboard
slsa-framework
Language-agnostic SLSA provenance generation for Github Actions
**Describe the bug** image-provenance build failure in final step without any specific details **To Reproduce** Please visit 1. Go to 'https://github.com/CHESSComputing/MetaData/actions' 2. Click on '.Actions' 3. See build failure 4....
As noted in #3065 and #3031 workflows fail on the `final` step even though the real error is in the `generator` step. We should improve error messages to make them...
As part of the effort to bring SLSA to ML https://github.com/google/model-transparency, we need to be able to sign directories. This requires the definition of a new "hash", i.e. how to...
https://github.com/slsa-framework/slsa-github-generator/issues/408 ``` Renovate failed to look up the following dependencies: Could not determine new digest for update (github-tags package thehanimo/pr-title-checker). Files affected: .github/workflows/pre-submit.pr-title.yml ```
**Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - When setting an...
**Is your feature request related to a problem? Please describe.** Not related to a problem, this is a feature request. **Describe the solution you'd like** Once you integrate `ko` into...
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved. Location: `renovate.json` Error type: The...
![forking-renovate[bot] avatar](https://avatars.githubusercontent.com/in/7402?v=4 "forking-renovate[bot] avatar"){kind=avatar}
**Is your feature request related to a problem? Please describe.** The `image` input of the generator_container_slsa3 workflow is declared as input which prohibits using secrets as values. The following example...
Some workflows release via a `workflow_dispatch` event (example: [jib](https://github.com/GoogleContainerTools/jib/blob/dc24c0c3b132cd745e89ecc567ea7cf68d9b4066/.github/workflows/jib-cli-release.yml)). Several slsa-github-generator workflows support an `upload-tag-name` field to allow uploading provenance to a tag other than `github.ref` since there is no...
Metadata
Owner
Metadata
Language-agnostic SLSA provenance generation for Github Actions