
feat: testing mode from non-main slsa-framework/slsa-github-generator branches

Open ramonpetgrave64 opened this issue 6 months ago • 3 comments

Allow verifying provenances from the slsa-framework/slsa-github-generator branches. This is useful during development.

We could also allow the tester to customize the repo, perhaps to their own fork. Example:

SLSA_VERIFIER_TESTING_ALTERNATE_SOURCE_REPO="ramonpetgrave64/slsa-verifier" \
    go run . verify-artifact ...

Testing

  • Added unit tests
  • Manually invoking against provenance and artifacts from a test workflow run
    • https://github.com/slsa-framework/slsa-github-generator/actions/runs/10308515370
  • Also verifying within the same workflow
    • https://github.com/slsa-framework/slsa-github-generator/actions/runs/10308515370/job/28536184530#step:6:1

ramonpetgrave64, Aug 08 '24 19:08