issues
search
slsa-framework
/
slsa
Supply-chain Levels for Software Artifacts
https://slsa.dev
Other
1.56k
stars
227
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
impl: Update dependency markdownlint-cli to v0.43.0
#1248
renovate-bot
closed
1 day ago
1
build(deps): bump smol-toml from 1.3.0 to 1.3.1
#1247
dependabot[bot]
closed
1 day ago
1
build(deps): bump cross-spawn from 7.0.3 to 7.0.6
#1246
dependabot[bot]
closed
5 days ago
1
Add figure for build environment lifecycle
#1245
marcelamelara
opened
1 week ago
0
content: Add figure for the build environment model
#1244
marcelamelara
opened
1 week ago
1
Write detailed requirements/guidance for BuildEnv track
#1243
marcelamelara
opened
1 week ago
0
cleanup verifying-source content
#1242
zachariahcox
opened
1 week ago
0
content: Update website with current steering committee
#1241
haydentherapper
closed
1 week ago
3
content: source-track: merge train summary
#1240
zachariahcox
closed
1 day ago
1
fill in or cut this bit about merge trains
#1239
zachariahcox
closed
1 day ago
0
verifying-source should discuss verifying all the commits directly on a protected ref
#1238
zachariahcox
opened
1 week ago
0
content: source track: minor copy edits: remove extra comma, update url to point to rules for github example
#1237
zachariahcox
closed
1 week ago
1
content: source track: address org threats
#1236
zachariahcox
opened
1 week ago
1
Which Build Threat corresponds to "pwn request"
#1235
fproulx-boostsecurity
opened
1 week ago
9
nonspec: remove Joshua as a maintainer
#1234
joshuagl
closed
1 week ago
4
'verifiying-artifacts' needs to be updated to match new threat diagram
#1233
TomHennen
closed
2 weeks ago
2
Add search to published doc
#1232
shalper
opened
3 weeks ago
3
fix: Update link to SUSE case study
#1231
lehors
closed
3 weeks ago
1
Fix broken link - SUSE source
#1230
shalper
closed
3 weeks ago
1
impl: Update dependency webrick to v1.9.0
#1229
renovate-bot
closed
2 weeks ago
1
nonspec: Add adityasaky as a maintainer
#1228
adityasaky
closed
3 weeks ago
3
content: Update mitigation section for the Dependency Confusion threat.
#1226
meder
opened
4 weeks ago
3
impl: Update github-actions
#1224
renovate-bot
closed
3 weeks ago
1
Clarify 'Tamper with provenance or VSA' threat
#1223
TomHennen
opened
1 month ago
1
Safe Expunging and 'legal' restrictions
#1222
TomHennen
opened
1 month ago
1
editorial: draft: fix grammar mistake
#1221
TomHennen
closed
1 month ago
2
content: resourceUri SHOULD match the download URI
#1220
TomHennen
closed
2 weeks ago
3
Relationship of VSA's `resourceUri` with the attestation `subject`
#1219
adityasaky
opened
1 month ago
1
Grant Pavel triage access
#1218
marcelamelara
closed
1 month ago
1
content: draft: Improve strength of Source Level 3
#1217
TomHennen
closed
3 weeks ago
3
Improve strength of Source Level 3
#1216
TomHennen
closed
3 weeks ago
0
Clarify why builder level is meaningful in threats
#1215
TomHennen
opened
1 month ago
1
impl: Replace Chad with @paveliak as BuildEnv track shepherd
#1214
marcelamelara
closed
1 month ago
1
Rephrase "The update did not match the code submitted to GitHub"?
#1213
TomHennen
opened
1 month ago
1
Clarify how end-users can know the expected value of resourceUri in a VSA
#1212
TomHennen
closed
2 weeks ago
3
Clarify that it's the CI's control plane that gives it privileged access
#1211
marcelamelara
opened
1 month ago
0
Clarify the connection between the Build and BuildEnv tracks
#1210
marcelamelara
opened
1 month ago
0
content: draft: Update threat-overview table to use new threat diagram
#1209
TomHennen
closed
1 month ago
3
Threats overview page needs to be updated for 1.1
#1208
TomHennen
closed
1 month ago
1
Summarized verification results in VSA, timeless vs. time-sensitive
#1207
AdamZWu
opened
1 month ago
8
content: draft: reword "Change management process" requirement
#1206
TomHennen
closed
1 month ago
4
content: draft: clarify "in the present context"
#1205
TomHennen
closed
1 month ago
2
content: draft: Clarify name of Source L3
#1204
TomHennen
closed
1 month ago
2
content: draft: Harden 'safe-expunging-process'
#1203
TomHennen
closed
1 month ago
3
content: draft: Last 'Platform' -> 'System'
#1202
TomHennen
closed
1 month ago
1
nonspec: Make requirements for draft reviews more explicit
#1201
TomHennen
closed
1 month ago
10
content: draft: move strong auth to the system section
#1200
TomHennen
closed
1 month ago
1
Source 'systems' need strong auth too, not just change management tools
#1199
TomHennen
closed
1 month ago
3
Document implementation of the BuildEnv track for non-Linux environments
#1198
marcelamelara
opened
1 month ago
0
Add reference to TPM 2.0 spec defining "Quote"
#1197
marcelamelara
opened
1 month ago
0
Next