21 Commits

Author	SHA1	Message	Date
Mend Renovate	b6645ca106	fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.15.1 (#824) ... This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven.plugin-tools:maven-plugin-annotations](https://maven.apache.org/plugin-tools) | `3.11.0` -> `3.15.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44NS4wIiwidXBkYXRlZEluVmVyIjoiMzkuODUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->	2025-01-02 15:43:27 -05:00
Mend Renovate	d2384e2eca	fix(deps): update dependency org.apache.maven:maven-core to v3.9.9 (#816) ... This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven:maven-core](https://maven.apache.org/) | `3.9.8` -> `3.9.9` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzkuNDIuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-12-13 11:32:01 +00:00
Mend Renovate	9093b4fd79	fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.9 (#809) ... This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven:maven-plugin-api](https://maven.apache.org/) | `3.9.6` -> `3.9.9` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC45Ny4wIiwidXBkYXRlZEluVmVyIjoiMzguOTcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-10-07 17:09:17 +00:00
Mend Renovate	903cddc5c3	fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 (#787) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven:maven-core](https://maven.apache.org/) | `3.9.6` -> `3.9.8` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjEuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->	2024-07-01 12:43:35 -04:00
Mend Renovate	2a07cd6e3a	fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.11.0 (#752) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven.plugin-tools:maven-plugin-annotations](https://maven.apache.org/plugin-tools) | `3.9.0` -> `3.11.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>	2024-04-03 00:55:07 +00:00
Mend Renovate	0547bc3002	fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 (#751) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven:maven-plugin-api](https://maven.apache.org/) | `3.9.5` -> `3.9.6` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNjkuMiIsInVwZGF0ZWRJblZlciI6IjM3LjI2OS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com>	2024-04-02 18:46:09 +00:00
Mend Renovate	66a9f93df2	fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 (#718) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven:maven-core](https://maven.apache.org/) | `3.8.1` -> `3.9.6` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy4xMDMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2024-03-26 20:42:43 +00:00
Mend Renovate	a7d5c7b0f1	fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.5 (#669) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven:maven-plugin-api](https://maven.apache.org/) | `3.6.3` -> `3.9.5` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4xMS4wIiwidXBkYXRlZEluVmVyIjoiMzcuMC4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-10-10 02:06:04 +00:00
Mend Renovate	088a626879	fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.9.0 (#667) ... [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [org.apache.maven.plugin-tools:maven-plugin-annotations](https://maven.apache.org/plugin-tools) | `3.6.0` -> `3.9.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4xMS4wIiwidXBkYXRlZEluVmVyIjoiMzYuMTEuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Signed-off-by: Mend Renovate <bot@renovateapp.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-10-10 01:00:37 +00:00
dependabot[bot]	8602109f3f	chore(deps): bump org.apache.maven:maven-core from 3.2.5 to 3.8.1 in /experimental/maven-plugin (#713) ... Bumps [org.apache.maven:maven-core](https://github.com/apache/maven) from 3.2.5 to 3.8.1. <details> <summary>Commits</summary> <ul> <li><a href="05c21c65bd"><code>05c21c6</code></a> [maven-release-plugin] prepare release maven-3.8.1</li> <li><a href="d295dc362f"><code>d295dc3</code></a> [MNG-7128] keep blocked attribute from mirrors in artifact repositories</li> <li><a href="a46906806a"><code>a469068</code></a> next version in branch 3.8.x is 3.8.1-SNAPSHOT</li> <li><a href="dad8a3e1c5"><code>dad8a3e</code></a> [maven-release-plugin] prepare for next development iteration</li> <li><a href="6aa1f4acf5"><code>6aa1f4a</code></a> [maven-release-plugin] prepare release maven-3.8.0</li> <li><a href="907d53ad32"><code>907d53a</code></a> [MNG-7118] block HTTP repositories by default</li> <li><a href="899465aeec"><code>899465a</code></a> [MNG-7117] add support for blocked mirror</li> <li><a href="fa79cb22e4"><code>fa79cb2</code></a> [MNG-7116] add support for mirrorOf external:http:*</li> <li><a href="e5f6634e17"><code>e5f6634</code></a> use Maven Resolver 1.6.2</li> <li><a href="09f77da9b0"><code>09f77da</code></a> [MNG-7119] Upgrade Maven Wagon to 3.4.3</li> <li>Additional commits viewable in <a href="https://github.com/apache/maven/compare/maven-3.2.5...maven-3.8.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/slsa-framework/slsa-verifier/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-10-09 23:04:57 +00:00
laurentsimon	4b59ce4050	feat: Update doc and code for Maven plugin (#680) ... Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-08-16 01:46:57 +00:00
laurentsimon	4d0ebdcbee	docs: Add example for maven verification plugin (#676) ... closes https://github.com/slsa-framework/slsa-verifier/issues/675 --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-08-02 11:55:09 +09:00
laurentsimon	66ae6bcdf6	docs: Fix maven-plugin README (#671) ... Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-07-25 00:56:29 +00:00
AdamKorcz	1d65178d65	move maven-plugin from slsa-github-generator (#664) ... Adds the maven plugin from https://github.com/slsa-framework/slsa-github-generator/pull/2439 Signed-off-by: AdamKorcz <adam@adalogics.com>	2023-07-21 22:40:01 +00:00
Shunsuke Suzuki	74fd528309	fix: fix the Go package version to v2 (#373) ... * fix: fix the package version to v2 ``` git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g" ``` Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * fix: fix the package version to v2 Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * test: fix source Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>	2022-12-01 18:49:39 -08:00
laurentsimon	b58e752378	feat: support builderID matching with or without semver for GCB (#256) ... * update * update * update * update * update * update * update * update * update * update * update * update * update * update * update * update * update * update * update * update	2022-09-12 17:17:46 -07:00
asraa	ff0ced42ef	refactor: add subcommands and separate functionality from artifacts a… (#231) ... * refactor: add subcommands and separate functionality from artifacts and images Signed-off-by: Asra Ali <asraa@google.com>	2022-09-06 17:10:58 -05:00
asraa	7b4b9cde06	feat: support oci image verification (#147) ... * feat: support oci image verification Signed-off-by: Asra Ali <asraa@google.com> * add testing folder Signed-off-by: Asra Ali <asraa@google.com> * update name and make fix Signed-off-by: Asra Ali <asraa@google.com> * add tests Signed-off-by: Asra Ali <asraa@google.com> * Add initial testing Signed-off-by: Asra Ali <asraa@google.com> * updated comments Signed-off-by: Asra Ali <asraa@google.com> * update Signed-off-by: Asra Ali <asraa@google.com> * fix digest calculation Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-08-17 15:59:01 -05:00
laurentsimon	4ca6320994	feat: make branch optional (#192) ... * update * update * update * update * Update verifiers/internal/gha/provenance.go Co-authored-by: Ian Lewis <ianlewis@google.com> * update * update * update * update * update * update * update * update Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-08-09 22:49:36 +00:00
laurentsimon	edb792b342	feat: Create interface for verifiers (#187) ... * update * update * unit tests * update * comments * update * update * update * update * Use interface for builders * update * update * update * update * fix * update * update * update * update * update * update * update * update * update * update * update * update	2022-08-05 14:31:34 -07:00
laurentsimon	caaf1c1b8e	feat: Create a verifier as a service (#182) ... * update * update * update * tests * update * update * update * update * update * update * update * update * update * update * comments * update * update * update * update * update	2022-08-03 14:29:25 -07:00