-
Usage:
`slsa::verify`
The verify function takes a Provenance predicate, and performs a verification, producing a Verification Attestation Summary as described [here](https://slsa.dev/verificati…
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
# Background
[Macaron](https://github.com/oracle/macaron) is a checker and verifier tool that follows SLSA guidelines when possible for certain security properties. It discovers and supports `in-toto…
-
I am trying to assess the SLSA level when using Nix referring to the SLSA v1.0, published in April 2023. Since it requires less than its draft versions, I presume compliance is quite straightforward. …
-
https://slsa.dev/spec/v1.0/threats
One major part of this is generating "signed provenance":
https://slsa.dev/spec/v1.0/provenance
I'm not sure how this works for privately hosted `northpike`…
-
Can we use "slsa-verifier" in Azure DevOps? If yes, can you share the steps?
-
To make the verifier accessible to everyone easily, we could have a REST/gRPC API to verify as a service.
Possible use cases:
- OSSF or another org runs a verifier as a service. Note that this requi…
-
Example scenario: check if an image was built from a specific repo, with a specific branch/commit, include certain reviewers, etc.
https://slsa.dev/provenance/v0.2
-
Apologies for being late to review this. It's fantastic to see the beginnings of a Source track emerge. Thank you for the continued effort on this @kpk47.
This feels equivalent to what we had in v0…
-
With https://github.com/slsa-framework/slsa-github-generator we should be able to build SLSA-compliant provenance. I can then look into what else we need to do to reach SLSA Level 3.