-
Please add [SLSA provenance ](https://slsa.dev/)to your releases.
It is easy to do on on Github, for example:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/…
-
**Description**
Re: https://github.com/slsa-framework/slsa-verifier/pull/791#discussion_r1693621800
I'm proposing that we change `NewLiveTrustedRoot` to accept an existing client, instead of…
-
This issue serves to document the SLSA criteria for Adoptium to meet. SLSA [1] is a secure software supply chain framework that defines four compliance levels [2] of increasing assurance.
Level 1
…
-
Recently @nicoleschwartz shared [this query](https://platform.activestate.com/sv/buildplanner/graphql?_ga=2.150203056.708135455.1727384512-132845242.1652072644&query=query%20slsa%20%7B%0A%20%20project…
-
The workstream for HW Attested Build Environments has been building a POC in a repo under my user account: https://github.com/chkimes/image-attestation. We would like to move this under the SLSA frame…
-
[SLSA Framework organization ](https://github.com/slsa-framework)provides a bunch of generators (Trusted Go builder[^1], Generic Generator[^2], Container Generator[^3]) today and all of them were an…
-
Just a heads up SLSA 1.0 is currently out as a release candidate and will be going live in probably end of March 2023.
Would buildkit be interested in supporting the new spec? I can't help with th…
-
- `customer-figali`: Gong snippet: https://us-65885.app.gong.io/call?id=7283736297840441495&highlights=%5B%7B%22type%22%3A%22SHARE%22%2C%22from%22%3A150%2C%22to%22%3A960%7D%5D
- @noahtalerman: _User…
-
Based on discussions within the Supply Chain integrity working group and S2C2F Project we wanted to open discussions on a path for S2C2F to align with SLSA as its dependency track. This would be conti…
-
### Summary
Hi there! I wonder if scicookie as a cookiecutter template could generate SLSA3 provenance for Python-based build artifacts (the source distribution and wheels) in the template files by d…