-
Look into [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator)
-
Hello Kevin and folks here :grin:
The current CTFd build and release process **works**, but we can -and need- to go further.
Why ? TL;DR: **security**... [SLSA Level 3](https://slsa.dev/get-starte…
-
**Motivation**
We have signatures with cosign, and our next step is to add provenance attestations to images and artifacts as well, in the same way we have in Falcoctl
cc @cpanato @developer-guy
-
Just a heads up SLSA 1.0 is currently out as a release candidate and will be going live in probably end of March 2023.
Would buildkit be interested in supporting the new spec? I can't help with th…
-
### Summary
Hi there! I wonder if scicookie as a cookiecutter template could generate SLSA3 provenance for Python-based build artifacts (the source distribution and wheels) in the template files by d…
-
### What would you like to be added?
Please add [SLSA provenance ](https://slsa.dev/)to your releases.
It is easy to do on on Github:
https://github.com/slsa-framework/slsa-github-generator/blo…
-
Hi,
I am planning to translate SLSA v1.0 documents into Chinese. Please let me know where should I put those files.
-
Ensure SLSA Lvl 3 as specified in https://github.com/kubewarden/kubewarden-controller/issues/856.
Our `kubectl` image used in helm hooks, see https://github.com/kubewarden/rancher-kubectl-builder…
-
```suggestion
*Threat:* Issue an attestation that purposefully misrepresents the subject.
```
_Originally posted by @zachariahcox in https://github.com/slsa-framework/slsa/pull/1191…
-
**Description**
We need to explore how to verify the existence of SLSA provenance attached to container images. It is currently possible to inspect SLSA attestations however this could be simp…