spiffe / spire

The SPIFFE Runtime Environment
https://spiffe.io
Apache License 2.0

use slsa-framework Generators to provide SLSA provenance to be compliant with SLSA Level 3 #3972

Open developer-guy opened 1 year ago

developer-guy commented 1 year ago

SLSA Framework organization provides a bunch of generators (Trusted Go builder^1, Generic Generator^2, Container Generator^3) today and all of them were announced as GA^4 pretty recently. So, we can use these generators to generate SLSA provenance to be compliant with SLSA Level 3 without much toil.

I'm willing to work on this!

PTAL @asraa @laurentsimon @ianlewis
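As an added illustration of what the proposal above amounts to in practice (this is not code from the issue, nor from the spire repository), the following GitHub Actions workflow hands the release artifacts' SHA-256 digests to the SLSA generic generator, which builds and signs the provenance in an isolated reusable workflow so the calling repository cannot tamper with it. The build command, script name, artifact directory and the `vX.Y.Z` tag are placeholders; the reusable workflow path, its `base64-subjects` and `upload-assets` inputs, and the three permissions it needs are the generator's documented interface.

```yaml
name: Release with SLSA provenance

on:
  release:
    types: [created]

permissions: read-all

jobs:
  build:
    runs-on: ubuntu-latest
    outputs:
      # Base64-encoded "sha256sum" output, consumed by the provenance job below.
      hashes: ${{ steps.hash.outputs.hashes }}
    steps:
      - uses: actions/checkout@v4

      - name: Build release artifacts
        run: |
          # Placeholder build step (assumption): the real workflow would run the
          # project's own release build here and write the shipped archives to dist/.
          mkdir -p dist
          ./build-release.sh --out dist   # hypothetical script name

      - name: Generate provenance subjects
        id: hash
        run: |
          set -euo pipefail
          cd dist
          # One line per artifact ("<sha256>  <filename>"), base64-encoded on a single line.
          # Every file listed here becomes a "subject" in the provenance statement.
          echo "hashes=$(sha256sum * | base64 -w0)" >> "${GITHUB_OUTPUT}"

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/

  provenance:
    needs: [build]
    permissions:
      actions: read    # the generator reads the calling workflow's path
      id-token: write  # OIDC token used to sign the provenance via Sigstore
      contents: write  # attach the provenance file to the GitHub release
    # Reusable workflow from slsa-framework/slsa-github-generator.
    # It must be referenced by a release tag; vX.Y.Z is a placeholder to replace.
    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@vX.Y.Z
    with:
      base64-subjects: "${{ needs.build.outputs.hashes }}"
      upload-assets: true   # publish the .intoto.jsonl next to the release assets
```

The value for consumers is on the verification side: with the provenance file attached to the release, `slsa-verifier verify-artifact` checks that the downloaded artifact's digest appears among the provenance subjects and that the provenance was produced by the trusted generator from the expected source repository and tag, so a substituted or rebuilt binary fails verification rather than being silently accepted.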

amartinezfayo commented 1 year ago

Thank you @developer-guy for opening this issue. Do you have some detail about the modifications that are needed to support this? Would this require some maintenance after it's introduced?

developer-guy commented 1 year ago

You can assign it to me, I'm willing to work on this, thank you. I'll explain all the details while working on the PR.

> Would this require some maintenance after it's introduced?

Not much, just some upgrades and deprecations, if any.

laurentsimon commented 1 year ago

Once in a while dependabot will send you a version bump PR. We cut a release once or twice a quarter.

amartinezfayo commented 1 year ago

> You can assign it to me, I'm willing to work on this, thank you. I'll explain all the details while working on the PR.

Thank you @developer-guy, that would be great! I've assigned this to you and we can discuss in the PR.

udf2457 commented 7 months ago

Some extra useful links:

https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
https://docs.sigstore.dev/signing/overview/