-
[PEP 740](https://peps.python.org/pep-0740/) is in a final but not yet approved state. This issue is intended to lay out the dependencies/subcomponents of its implementing, including things that can b…
-
Support optional end-to-end trust / content authentication in addition to transport authentication.
Support GnuPG (OpenPGP) signatures on anything that changes sources (build inputs). For some cont…
-
Repo: https://github.com/slsa-framework/example-package/tree/379/merge
Run: https://github.com/slsa-framework/example-package/actions/runs/10062068638
Workflow file: https://github.com/slsa-framework/…
-
**Description**
SLSA GitHub generators use Sigstore signing to sign releases. Trusted builders use their GH provided OIDC identity to sign. The source repository is contained inside OID extensions,…
asraa updated
1 month ago
-
We've talked about this on and off in the s3c working groups and also in the [Artifacts proposal](https://docs.google.com/document/d/13qxkpC0m5zTEWJ_oprA2ZO9D0wj_Q4xyz_UMiJchujU/edit?resourcekey=0-13b…
-
Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/10297474660
Workflow file: https://github.com/slsa-framework/examp…
-
In GitHub Security Advisory [GHSA-r2xv-vpr2-42m9](https://github.com/advisories/GHSA-r2xv-vpr2-42m9), there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ran…
-
> host their source on a source control platform
Would this include self-hosted versions of SCPs?
_Originally posted by @zachariahcox in https://github.com/slsa-framework/slsa/pull…
-
Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/10289458668
Workflow file: https://github.com/slsa-framework/examp…
-
Repo: https://github.com/slsa-framework/example-package/tree/main
Run: https://github.com/slsa-framework/example-package/actions/runs/10295208779
Workflow file: https://github.com/slsa-framework/examp…