github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 00:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

remove old refs to builders (#81)

Browse Source 
Signed-off-by: Asra Ali <asraa@google.com>
This commit is contained in:
asraa
2022-06-07 10:42:22 -05:00
committed by GitHub
parent 0d8f412198
commit 1d50070dc1
2 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -1,5 +1,5 @@
# Verification of SLSA provenance
This repository contains the implementation for verifying [SLSA provenance](https://slsa.dev/). It currently supports verifying provenance generated by the [SLSA generator for Go projects](https://github.com/slsa-framework/slsa-github-generator-go). We are working on support for verifying provenance for other ecosystems.
This repository contains the implementation for verifying [SLSA provenance](https://slsa.dev/). It currently supports verifying provenance generated by the [SLSA generator for Go projects](https://github.com/slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml). We are working on support for verifying provenance for other ecosystems.
________
[Installation](#installation)
@@ -74,7 +74,7 @@ verified SLSA provenance produced at
{
"caller": "origin/repo",
"commit": "0dfcd24824432c4ce587f79c918eef8fc2c44d7b",
"job_workflow_ref": "/slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml@refs/heads/main",
"job_workflow_ref": "/slsa-framework/slsa-github-generator/blob/main/.github/workflows/builder_go_slsa3.yml",
"trigger": "workflow_dispatch",
"issuer": "https://token.actions.githubusercontent.com"
}
@@ -90,4 +90,4 @@ The verified in-toto statement is written to stdout and can be used to pipe into
Find our blog post series [here](https://security.googleblog.com/2022/04/improving-software-supply-chain.html).
### Specifications
For a more in-depth technical dive, read the [SPECIFICATIONS.md](https://github.com/slsa-framework/slsa-github-generator-go/blob/main/SPECIFICATIONS.md).
For a more in-depth technical dive, read the [SPECIFICATIONS.md](https://github.com/slsa-framework/slsa-github-generator/blob/main/SPECIFICATIONS.md).

7
pkg/provenance.go
View File

@@ -50,12 +50,9 @@ var (
e2eTestRepository = "slsa-framework/example-package"
)
// TODO: remove old builders.
var trustedReusableWorkflows = map[string]bool{
trustedBuilderRepository + "/.github/workflows/slsa2_provenance.yml": true,
"slsa-framework/slsa-github-generator-go/.github/workflows/slsa3_builder.yml": true,
"slsa-framework/slsa-github-generator-go/.github/workflows/builder.yml": true,
trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml": true,
trustedBuilderRepository + "/.github/workflows/slsa2_provenance.yml": true,
trustedBuilderRepository + "/.github/workflows/builder_go_slsa3.yml": true,
}
var (