Open developer-guy opened 1 year ago
@itaysk and @yanivagman for awareness and directions.
Hi @developer-guy and thanks for the suggestion! I would prefer to wait with this one. tracee's build process is quite complex compared to any other "regular" go application and is still evolving so I do anticipate this adding some kind of maintenance burden. If we got enough evidence that users required it we would consider but that's not the case right now.
SLSA Framework organization provides a bunch of generators (Trusted Go builder^1, Generic Generator^2, Container Generator^3) today and all of them were announced as GA^4 pretty recently. So, we can use these generators to generate SLSA provenance to be compliant with SLSA Level 3 without much toil.
I'm willing to work on this!