slsa-framework / azure-devops-demo

SLSA Azure DevOps Pipelines Extension
https://marketplace.visualstudio.com/items?itemName=gattjoe.SLSAProvenanceGenerator
Apache License 2.0

Materials should use `git+https`, not `GitHub+https` #6

Closed MarkLodato closed 3 years ago

MarkLodato commented 3 years ago

The spec recommends using SPDX Download Location, which is of the form:

`git+https://...`

Currently the code outputs `GitHub+https://...` because it uses the `Build.Repository.Provider` predefined variable verbatim.

Instead, the code should convert to either `git`, `svn`, or `tfvc`.

gattjoe commented 3 years ago

Will get this done tonight. Should be a straightforward fix.
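The conversion requested in this issue could look like the following. This is an added example, not the extension's actual code or the fix that was shipped. The names `materialUri` and `VCS_TOOL` are hypothetical, the provider values are the ones Azure DevOps documents for `Build.Repository.Provider`, and the repository URLs and revision are constructed samples.

```typescript
// Added example, not the extension's code. Keys are the documented
// Build.Repository.Provider values, lower-cased; the mapping to
// git / svn / tfvc follows the issue text and is an assumption.
const VCS_TOOL: { [provider: string]: string } = {
  tfsgit: "git",
  git: "git",
  github: "git",
  svn: "svn",
  tfsversioncontrol: "tfvc",
};

// Build a material URI shaped like an SPDX download location:
//   <vcs_tool>+<transport>://<host>/<path>[@<revision>]
function materialUri(provider: string, repositoryUri: string, revision?: string): string {
  const key = provider.toLowerCase();
  // Own-property check so names such as "constructor" are not treated as known.
  if (!Object.prototype.hasOwnProperty.call(VCS_TOOL, key)) {
    // Fail closed: never copy an unrecognized provider name into the scheme,
    // which is how "GitHub+https" ended up in the provenance.
    throw new Error("unsupported repository provider: " + provider);
  }
  // "+" is deliberately not accepted in the transport, so a URI that already
  // carries a "<tool>+" prefix is rejected instead of being prefixed twice.
  const m = /^([a-z][a-z0-9.-]*):\/\/(.+)$/i.exec(repositoryUri);
  if (m === null) {
    throw new Error("repository URI has no plain transport scheme: " + repositoryUri);
  }
  let uri = VCS_TOOL[key] + "+" + m[1].toLowerCase() + "://" + m[2];
  if (revision !== undefined && revision !== "") {
    uri += "@" + revision;
  }
  return uri;
}
```
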