slsa-verifier

Verify provenance from SLSA compliant builders

Results 123 slsa-verifier issues

We may want to provide an option to verify https://github.com/slsa-framework/slsa-github-generator/issues/1555. This is only needed for generators.

specs:v1.0

Also add tests for the 3 possible values of the default CLI builder ID.

area:tests
e2e
area:npm

We use this function to match the inputs to a workflow https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/slsaprovenance/common.go#L12. We seem to always look at the trigger workflow's input. We may want to change this for our...

type:feature

This will be important when we develop the API, since the API may be used as part of a verification service.

area:hardening
area:api

We currently don't verify that the cert in the bundle is the same as the one in the Rekor entry; we only verify that the signatures are the same: https://github.com/slsa-framework/slsa-verifier/blob/main/verifiers/internal/gha/bundle.go#L175-L183 We should...

type:feature
area:gha
area:hardening

Use scorecard, allstar, for example. Record all settings changes, etc.

area:tooling
type:refactor

The following unchecked golangci-lint linters are currently generating issues and disabled. We need to enable them and fix the issues encountered: - [x] deadcode (#456) - [ ] errcheck -...

type:feature
good first issue
area:tooling

We are installing slsa-verifier in our CI system for [flutter/cocoon](https://github.com/flutter/cocoon) based on the documentation provided [here](https://github.com/slsa-framework/slsa-verifier#option-1-install-via-go). We have enabled Dependabot to update the go modules automatically. Last week, Dependabot created...

type:bug