-
Describe the bug
There is a broken link on the page: the link text slsa.dev/。 contains the wrong link
(Ref: Screenshot below)
To Reproduce
Steps to reproduce the behavior:
Go to 'https://kubeedge.…
-
At the moment we use cosign to sign our payload. Cosign brings in a lot of dependencies.
We could replace it with something like this https://github.com/slsa-framework/slsa-github-generator/blob/c…
-
**What would you like to be added**:
SLSA Attestation to be generated with new releases.
**Why is this needed**:
SLSA's are resources that show evidence that the release consumers receive has…
-
~~When adding a "Harden Runner" to an action, it doesn't check if there is already a runner present.~~
It seems it only adds a duplicate runner when https://github.com/slsa-framework/slsa-github-ge…
-
This would
1. Use GitHub hosted runners
2. Use the scorecard action and run analysis
3. Use sigstore in keyless mode to sign and push the scorecard results as a blob on GitHub registry
asraa updated
3 years ago
-
### Description
The [verifying sigstore bundles](https://kyverno.io/docs/writing-policies/verify-images/sigstore/#verifying-sigstore-bundles) section of the documentation is specific to public GitH…
-
**Describe the problem/challenge you have**
Currently, the artefacts produced by the different Carvel projects (binaries, images, bundles) are not signed. It would be nice if they were all signed t…
-
The original SLSA steering committee's term has ended. Before we can select a new committee, we need to define the nomination process and terms.
While we are working on this, we should ensure that …
-
Recently @nicoleschwartz shared [this query](https://platform.activestate.com/sv/buildplanner/graphql?_ga=2.150203056.708135455.1727384512-132845242.1652072644&query=query%20slsa%20%7B%0A%20%20project…
-
Following #768
For folks using slsa-verifier as a library, it could be useful to export the mocks we already have for the TUF client `newMockSigstoreTUFClient`, and its implementation for `GetTar…