slsa-github-generator icon indicating copy to clipboard operation
slsa-github-generator copied to clipboard

Published 20 hours ago verified publisher icon slsa-framework

Metadata

Language-agnostic SLSA provenance generation for Github Actions

Results 279 slsa-github-generator issues
Sort by recently updated
recently updated
newest added

chore(deps): update dependency yamllint to v1.35.1

This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [yamllint](https://togithub.com/adrienverge/yamllint) | `==1.33.0` -> `==1.35.1` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/yamllint/1.35.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/yamllint/1.35.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)...

renovate-bot avatar renovate-bot

feat: Add ability to attest the supplied multi-arch image

2 comment

# Summary When using docker buildx to build multi-arch images, SLSA workflow may need to recursively attest underlying images for the multi-arch build. This is possible using `--recursive=true` according to...

Danil-Grigorev avatar Danil-Grigorev

Update link to example usage of docker builder by Oak Project

3 comment

docs: update link to Oak Project workflow file # Summary Update link to example workflow usage by Oak Project in `README.md` ## Testing Process Visually verified change and followed updated...

thompson-shaun avatar thompson-shaun

[bug] Standard discrepancy: `buildInvocationId` versus `buildInvocationID`

7 comment

My colleague @facutuesca observed this bug with the `generator_generic_slsa3.yml` action. **Describe the bug** In SLSA 0.1 and 0.2, `buildInvocationId` is spelled with a lowercase "d": Similarly, it's spelled with a...

woodruffw avatar woodruffw

type:bug
status:triage

[feature] Run `go generate ./...` before build

1 comment

**Is your feature request related to a problem? Please describe.** Some files need to be generated, which will be used in `go build` **Describe the solution you'd like** Add another...

OpenWaygate avatar OpenWaygate

type:feature
status:triage

chore(deps): bump the npm_and_yarn group across 1 directory with 1 update

Bumps the npm_and_yarn group with 1 update in the / directory: [micromatch](https://github.com/micromatch/micromatch). Updates `micromatch` from 4.0.5 to 4.0.8 Release notes Sourced from micromatch's releases. 4.0.8 Ultimate release that fixes both...

dependabot[bot] avatar dependabot[bot]

dependencies
javascript

Add functionality to output the UUID for log lookup purposes

7 comment

# Summary Add functionality to [output the UUID](https://github.com/slsa-framework/slsa-github-generator/issues/3741) for log lookup purposes. The `provenance-rekor-uuid` parameter represents the Rekor UUID, a unique identifier that can be used to search for and...

daoauth avatar daoauth

[feature][tracking] - SLSA 1.0 support

3 comment

This is a tracking issue for SLSA 1.0 support. Feel free to edit this ticket with issues related to supporting SLSA 1.0 requirements/spec.

mlieberman85 avatar mlieberman85

type:feature

Using UUID Output from “generator/Create and sign provenance” Step in generator_generic_slsa3 Job

4 comment

When using generator_generic_slsa3 in the workflow, the last part of the "generator/Create and sign provenance" step outputs "Uploaded signed attestation to rekor with UUID". I would like to use this...

daoauth avatar daoauth

type:feature
status:triage

Metadata

381
Stars
115
Forks
Watchers

Owner

verified publisher icon slsa-framework

Metadata

Language-agnostic SLSA provenance generation for Github Actions

Back