-
https://slsa.dev/spec/v0.1/levels
-
This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.
## Config Migration Needed
- […
-
At the moment we use cosign to sign our payload. Cosign brings in a lot of dependencies.
We could replace it with something like this https://github.com/slsa-framework/slsa-github-generator/blob/c…
-
**Description**
I'm trying to use `kubectl-sigstore sign --no-tlog-upload` offline, but I still get the "The sigstore service, hosted by sigstore" warning.
When I try `kubectl-sigstore sign -f v…
-
### Describe you feature request
**Is your feature request related to a problem? Please describe.**
If I download a release from GitHub I can't check sum
**Describe the solution you'd like**
Hav…
-
The original SLSA steering committee's term has ended. Before we can select a new committee, we need to define the nomination process and terms.
While we are working on this, we should ensure that …
-
après Conversion, Filtre (contaminants) , Normalisation (quantile).
J'arrive sur imputation, Interface indique :
Err : 'x' must be an array of at least two dimensions + Err : dim(X) must have a po…
-
This is a tracking issue for creating a Build Level 4. Build L4 will likely cover some notion of the completeness of the provenance, e.g. that the `resolvedDependencies` are complete in [SLSA Provenan…
-
verified timestamps are provided by the SCP, so when I migrate the source to a new SCP, I think this means that the org must keep the original repo around to keep the "true" timestamps. …
-
The SLSA attestation model [1] defines a "statement" as an in-toto attestation, e.g. as "https://in-toto.io/Statement/v1" [2]. This statement contains both the predicate (e.g. "provenance" / "cycloned…