slsa-verifier icon indicating copy to clipboard operation
slsa-verifier copied to clipboard

Published 20 hours ago verified publisher icon slsa-framework

bug: check entryPoint is non empty for GCB provenance

Open laurentsimon opened this issue 1 year ago • 1 comments

GCB allows triggering builds via CLI, in which case the config is passed as an RPC input, but no in code. We should check the entryPoint is not empty.

laurentsimon avatar Apr 27 '23 19:04 laurentsimon

I'll wait for https://github.com/slsa-framework/slsa-verifier/pull/572 to land since it defines new functions to retrieve provenance information, including the entryPoint.

laurentsimon avatar Apr 27 '23 19:04 laurentsimon

#572 is merged.

ramonpetgrave64 avatar Jul 02 '24 21:07 ramonpetgrave64