slsa-github-generator
slsa-github-generator copied to clipboard
slsa-framework
Language-agnostic SLSA provenance generation for Github Actions
Package maintainers often want to run tests with multiple Node.js versions in order to make sure they are still backwards compatible. We should show an example in the docs about...
Currently all the builds in the Bazel Builder take place from the root. This means that all the targets must also be referenced from the root. If a user wants...
Create a rebuilder for the Bazel Builder that can take in a provenance and an artifact and do the following: 1) Verify the provenance and artifact 2) Rebuild the artifact...
Do that for: - the BYOB's large-subject artifact - all the use cases of geekyeggo/delete-artifact in delegator and container-based builder We shoudl be able to write a script and use...
This will add: - [ ] pre-submit with a non-signed attestations - [ ] daily runs
**Describe the bug** [A clear and concise description of what the bug is.](https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/go/README.md) Lots of go 1.17 references but go 1.17 is EOL. Getting EOL versions make really painful to...
### Building You might be able to install `lerna` as a dev dependency and call it via npm scripts? ### Publishing lerna should be able to support provenance since it...
Metadata
Owner
Metadata
Language-agnostic SLSA provenance generation for Github Actions