-
This is a tracking issue for releasing v1.1. The primary goal of v1.1 is to release small updates to v1.0 to address issues that are too significant for an in-place update to v1.0 yet we don't want to…
kpk47 updated
5 months ago
-
I'm trying to fit the classic "pwn request" into an existing Build Threat (https://slsa.dev/spec/v1.0/threats#e-compromise-build-process) and it's not 100% clear which one it neatly fits in.
It clearl…
-
Encountered a wrong link on the page: the link text "https://github.com/slsa-framework/slsa-github-generator" contains a wrong link
(Ref: Screenshot below)
To Reproduce
Go to 'https://kubeedge.io…
-
Thank you for your work on dragonfly.
However, given the nature of the modern world we live in, it would be nice if you could add [SLSA provenance](https://slsa.dev/) to your releases.
This coul…
-
**Doc:** https://docs.google.com/document/d/1iWjO4UGcGm0PeCm9mbqeT-PiD4z4S7qXMaZsGIFUn0s/edit
**Presentation:** https://docs.google.com/presentation/u/0/d/1oQoJYy9aCGvnEi43NtgSEfuw3IZbYRuapKFrwSceudA…
-
Hi 👋
I'm Ian, working on behalf of Google and the [Open Source Security Foundation (OpenSSF)](https://openssf.org/) to help open source projects to improve their supply chain security.
After so…
-
Hello, based on your [SLSA SVG badge](https://github.com/slsa-framework/slsa/blob/main/docs/images/gh-badge-level3.svg) I created a [shields.io](https://shields.io/) badge
[![slsa](https://img.shie…
-
The formatting for SLSA v1.0 provenance was added in Chains Release [0.17.0](https://github.com/tektoncd/chains/releases/tag/v0.17.0). However, before declaring that Chains now produces SLSA v1.0 prov…
-
https://slsa.dev/spec/v0.1/levels
-
### New feature motivation
As [highlighted in the SLSA blog](https://slsa.dev/blog/2023/05/bringing-improved-supply-chain-security-to-the-nodejs-ecosystem), publishing projects with the npm cli wit…
travi updated
6 months ago