-
https://slsa.dev/spec/v0.1/requirements
In addition to #3440, we need to meet the following for SLSA 2:
Source:
- ~~Version controlled: Every change to the source is tracked in a version contro…
-
Should we address submodules and other 'indirection' elsewhere in the spec or is it better to keep it aligned with the attestations themselves?
_Originally posted by @TomHennen in htt…
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
This is a tracking issue for SLSA 1.0 support. Feel free to edit this ticket with issues related to supporting SLSA 1.0 requirements/spec.
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
[SLSA Framework organization ](https://github.com/slsa-framework)provides a bunch of generators (Trusted Go builder[^1], Generic Generator[^2], Container Generator[^3]) today and all of them were …
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
https://github.com/slsa-framework/slsa-github-generator/blob/main/actions/nodejs/publish/README.md
-
> you do not need to review each change to cut a release branch
This seems really tricky.
If I create a new release ref that points to the tip of main, I must ensure that the tip of…