github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-09 01:56:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
184 Commits 40 Branches 45 Tags
1dfd8ba693f1720126df64997ba1a552fd40de03
Commit Graph

44 Commits

Author SHA1 Message Date
Ian Lewis
c845407336 Update sigstore libraries (#326) 
* Update sigstore libraries

Signed-off-by: Ian Lewis <ianmlewis@gmail.com>

* Update slsa-github-generator

Signed-off-by: Ian Lewis <ianmlewis@gmail.com>

* go mod tidy

Signed-off-by: Ian Lewis <ianmlewis@gmail.com>

Signed-off-by: Ian Lewis <ianmlewis@gmail.com>
Co-authored-by: asraa <asraa@google.com>
 2022-10-27 14:36:36 +00:00
asraa
05d247fb14 rekor: use rekor client with retries (#301) 
Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2022-10-17 16:55:40 +00:00
WhiteSource Renovate
beada4bd09 fix(deps): update module github.com/go-openapi/runtime to v0.24.2 (#304) 
Co-authored-by: asraa <asraa@google.com>
 2022-10-17 16:33:55 +00:00
WhiteSource Renovate
4f09605a47 fix(deps): update module github.com/sigstore/sigstore to v1.4.4 (#294) 
Co-authored-by: asraa <asraa@google.com>
 2022-10-12 14:26:35 +00:00
asraa
936dc46aca ci: fix path to config (#297) 
Signed-off-by: Asra Ali <asraa@google.com>

use k8s versioning to show commit and tree state

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2022-10-08 18:31:10 +00:00
WhiteSource Renovate
7bb343116e fix(deps): update module github.com/sigstore/sigstore to v1.4.2 (#272) 
Co-authored-by: asraa <asraa@google.com>
 2022-09-26 11:35:50 +00:00
WhiteSource Renovate
5f98831104 fix(deps): update module github.com/sigstore/sigstore to v1.4.1 (#263) 2022-09-23 14:04:06 +00:00
WhiteSource Renovate
78a225d3bd fix(deps): update module github.com/sigstore/cosign to v1.12.0 (#264) 2022-09-19 16:33:55 -04:00
WhiteSource Renovate
cddba700c8 fix(deps): update module github.com/google/go-cmp to v0.5.9 (#253) 
Co-authored-by: asraa <asraa@google.com>
 2022-09-14 17:47:23 +00:00
laurentsimon
d12dce9526 feat: CLI tests for GCB verification (#251) 
* update

* update

* update
 2022-09-08 13:36:56 -07:00
laurentsimon
d5b56c334e feat: add CLI tests for GCB verification (#245) 
* update

* update

* update

* update
 2022-09-02 20:42:40 +00:00
WhiteSource Renovate
0ff60a240a fix(deps): update module github.com/sigstore/cosign to v1.11.1 (#239) 
Co-authored-by: asraa <asraa@google.com>
 2022-09-01 15:31:07 +00:00
laurentsimon
26c928f5b7 Verify text provenance for GCB (#242) 
* update

* update

* update

* update

* update

* comments

* comments
 2022-08-30 23:08:46 +00:00
WhiteSource Renovate
3fc1dbde46 fix(deps): update module github.com/sigstore/rekor to v0.11.0 (#225) 2022-08-23 09:38:20 -05:00
WhiteSource Renovate
ab0daccd34 fix(deps): update module github.com/sigstore/cosign to v1.11.0 (#224) 
Co-authored-by: asraa <asraa@google.com>
 2022-08-23 14:13:21 +00:00
WhiteSource Renovate
459608e7d8 fix(deps): update module github.com/go-openapi/swag to v0.22.3 (#215) 2022-08-19 11:55:11 -07:00
asraa
7b4b9cde06 feat: support oci image verification (#147) 
* feat: support oci image verification

Signed-off-by: Asra Ali <asraa@google.com>

* add testing folder

Signed-off-by: Asra Ali <asraa@google.com>

* update name and make fix

Signed-off-by: Asra Ali <asraa@google.com>

* add tests

Signed-off-by: Asra Ali <asraa@google.com>

* Add initial testing

Signed-off-by: Asra Ali <asraa@google.com>

* updated comments

Signed-off-by: Asra Ali <asraa@google.com>

* update

Signed-off-by: Asra Ali <asraa@google.com>

* fix digest calculation

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-08-17 15:59:01 -05:00
WhiteSource Renovate
a7d3c61f21 fix(deps): update module github.com/sigstore/cosign to v1.10.1 (#198) 
Co-authored-by: asraa <asraa@google.com>
 2022-08-08 19:18:50 +00:00
laurentsimon
caaf1c1b8e feat: Create a verifier as a service (#182) 
* update

* update

* update

* tests

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* comments

* update

* update

* update

* update

* update
 2022-08-03 14:29:25 -07:00
WhiteSource Renovate
cdbab2bf0a fix(deps): update module github.com/google/trillian to v1.4.2 (#176) 
Co-authored-by: asraa <asraa@google.com>
 2022-08-03 09:27:02 -05:00
WhiteSource Renovate
b911c68206 fix(deps): update module github.com/sigstore/sigstore to v1.3.1 (#177) 2022-08-02 14:19:30 -05:00
WhiteSource Renovate
13f7935ecf fix(deps): update module github.com/sigstore/rekor to v0.10.0 (#178) 2022-08-01 14:06:06 -05:00
WhiteSource Renovate
fb9aeaf638 fix(deps): update module github.com/sigstore/cosign to v1.10.0 (#166) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-25 13:05:03 -05:00
WhiteSource Renovate
e154b5534a fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.2.0 (#167) 2022-07-25 10:12:15 -05:00
WhiteSource Renovate
390d18a96c fix(deps): update module github.com/go-openapi/strfmt to v0.21.3 (#152) 2022-07-18 08:05:26 -05:00
Naveen
3b17f9c76f Refactor - deprecated libraries (#128) 
- Refactored to move away from github.com/google/trillian/merkle/logverifier"
and github.com/google/trillian/merkle/rfc6962

- Included go mod tidy for validation

- Fixes #https://github.com/slsa-framework/slsa-verifier/issues/61

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Co-authored-by: asraa <asraa@google.com>
 2022-07-12 18:57:42 +00:00
WhiteSource Renovate
17019c1c07 fix(deps): update module github.com/sigstore/rekor to v0.9.1 (#137) 2022-07-11 12:19:37 -05:00
WhiteSource Renovate
6ac968186d fix(deps): update module github.com/sigstore/sigstore to v1.3.0 (#123) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-07 12:53:06 +00:00
WhiteSource Renovate
8e1e977a89 fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.1.1 (#124) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-06 15:57:46 +00:00
WhiteSource Renovate
d972ccaee0 fix(deps): update module github.com/sigstore/rekor to v0.9.0 (#122) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-06 15:43:58 +00:00
dependabot[bot]
73b3f6a579 🌱 Bump github.com/sigstore/rekor from 0.8.1 to 0.8.2 (#109) 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 0.8.1 to 0.8.2.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v0.8.1...v0.8.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-28 12:49:48 -05:00
asraa
3a059ae446 fix: add verification without redis index (#97) 
* add verification without redis index

Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 15:05:20 -05:00
asraa
fbada96c2c chore: update sigstore components (#102) 
* update sigstore components

Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 12:01:58 -05:00
Naveen
40e594d552 Upgrade to go 1.18 (#100) 
The https://github.com/slsa-framework/slsa-github-generator is in go
1.18 and keeping it consistent.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-06-20 11:32:59 -05:00
dependabot[bot]
8f2dd288a6 🌱 Bump github.com/google/trillian from 1.4.0 to 1.4.1 (#52) 
Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-25 00:35:03 +00:00
dependabot[bot]
cecdad7373 🌱 Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#50) 
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-06 10:28:48 -05:00
dependabot[bot]
6600fc3623 🌱 Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#45) 
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.3 to 0.24.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.3...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-29 14:20:34 -07:00
dependabot[bot]
f0ec07191c 🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#41) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.7...v0.5.8)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-04-28 00:55:33 +00:00
dependabot[bot]
a53fa7eba4 🌱 Bump github.com/sigstore/cosign from 1.7.0 to 1.7.2 (#34) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.7.0 to 1.7.2.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v1.7.0...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-14 12:14:09 -05:00
dependabot[bot]
f545957a6e 🌱 Bump github.com/sigstore/cosign from 1.6.0 to 1.7.0 (#25) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-05 12:59:55 -07:00
laurentsimon
7c64c73c2a Add tag and version verification (#18) 
* Add tag verification

* fix

* fix

* fix
 2022-04-01 14:22:36 -05:00
laurentsimon
095f60a0ba Option to verify branch (#13) 
* Verify branch

* remove logging

* fixes

* tidy

* tidy

* comments

* comments
 2022-03-31 12:34:42 -05:00
laurentsimon
31311a3151 Update package names and other references (#9) 
* Update repo/project names

* update
 2022-03-29 07:41:56 -07:00
laurentsimon
6cdcbf9a66 Transffer from github.com/gossts/slsa-provenance (#1) 2022-03-28 08:46:38 -07:00