slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-06 08:37:00 +00:00

Author	SHA1	Message	Date
WhiteSource Renovate	2adefa0e01	chore(deps): update github-actions (#240 ) Co-authored-by: asraa <asraa@google.com>	2022-09-02 16:01:16 +00:00
WhiteSource Renovate	106f50c7ee	chore(deps): update actions/checkout action to v3 (#227 )	2022-08-23 09:03:56 -05:00
WhiteSource Renovate	ab70a51d20	chore(deps): update github-actions (#222 )	2022-08-22 14:47:52 -07:00
asraa	5c43d4062f	ci: add release workflow test at presubmit (#212 ) * ci: add release workflow test Signed-off-by: Asra Ali <asraa@google.com>	2022-08-15 10:13:26 -05:00
WhiteSource Renovate	691fbbe75b	chore(deps): update github/codeql-action action to v2.1.18 (#195 ) Co-authored-by: asraa <asraa@google.com>	2022-08-08 16:51:08 +00:00
laurentsimon	caaf1c1b8e	feat: Create a verifier as a service (#182 ) * update * update * update * tests * update * update * update * update * update * update * update * update * update * update * comments * update * update * update * update * update	2022-08-03 14:29:25 -07:00
WhiteSource Renovate	8dab07b39b	chore(deps): update github/codeql-action action to v2 (#168 )	2022-08-03 13:11:28 -05:00
WhiteSource Renovate	ab278de311	chore(deps): update github-actions (#175 ) Co-authored-by: asraa <asraa@google.com>	2022-08-02 19:28:36 +00:00
WhiteSource Renovate	6dc5a273c7	chore(deps): update github-actions (#165 )	2022-07-25 20:31:40 +00:00
laurentsimon	05def419b2	update (#170 )	2022-07-25 20:14:00 +00:00
laurentsimon	6a2f070bf8	feat: Group GHA removatebot updates (#153 ) * update * update	2022-07-18 16:32:46 +00:00
WhiteSource Renovate	058cb80ec1	chore(deps): update ossf/scorecard-action digest to ccd0038 (#151 ) Co-authored-by: asraa <asraa@google.com>	2022-07-18 13:16:08 +00:00
WhiteSource Renovate	567bb6454d	chore(deps): update slsa-framework/slsa-github-generator action to v1.1.1 (#121 ) Co-authored-by: asraa <asraa@google.com>	2022-07-11 14:55:39 -05:00
WhiteSource Renovate	46cf180c2e	chore(deps): update actions/setup-go digest to 84cbf80 (#120 ) Co-authored-by: asraa <asraa@google.com>	2022-07-11 18:48:53 +00:00
WhiteSource Renovate	84f7ea1baf	chore(deps): update actions/dependency-review-action digest to f187f64 (#119 ) Co-authored-by: asraa <asraa@google.com>	2022-07-11 18:34:27 +00:00
WhiteSource Renovate	841a90ee17	chore(deps): update actions/upload-artifact digest to 3cea537 (#134 ) Co-authored-by: asraa <asraa@google.com>	2022-07-11 18:07:48 +00:00
WhiteSource Renovate	38278be092	chore(deps): update github/codeql-action digest to ea8fb21 (#135 ) Co-authored-by: asraa <asraa@google.com>	2022-07-11 17:42:40 +00:00
WhiteSource Renovate	fcef6ecb5d	chore(deps): update ossf/scorecard-action digest to ce330fd (#136 ) Co-authored-by: asraa <asraa@google.com>	2022-07-11 17:27:43 +00:00
Naveen	73d10ecfbf	Create scorecards.yml (#130 )	2022-07-07 17:09:29 -07:00
WhiteSource Renovate	83d02990d0	chore(deps): update actions/checkout digest to 2541b12 (#118 )	2022-07-06 10:34:55 -05:00
asraa	5875b0a74f	bump release generator version (#103 ) Signed-off-by: Asra Ali <asraa@google.com>	2022-06-20 21:12:34 +00:00
Naveen	40e594d552	Upgrade to go 1.18 (#100 ) The https://github.com/slsa-framework/slsa-github-generator is in go 1.18 and keeping it consistent. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-06-20 11:32:59 -05:00
dependabot[bot]	02bcbccec5	🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2 (#96 ) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.2 to 2.0.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](`a9c83d3af6...1c59cdf2a9`) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-06-17 14:43:57 -05:00
dependabot[bot]	a72bb2573e	🌱 Bump actions/setup-go from 3.1.0 to 3.2.0 (#70 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`fcdc43634a...b22fbbc292`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-27 07:32:03 -07:00
laurentsimon	f9e31da2a5	✨ Allow main branch only for trusted builder and e2e tests repos (#63 ) * updates * updates * updates * updates * updates * updates * updates * updates * updates * updates * Fix unit tests * unit tests * updates * updates * updates * updates * updates	2022-05-26 15:31:05 +00:00
dependabot[bot]	87c99259e0	🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 (#54 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`f6164bd8c8...fcdc43634a`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-05-26 15:16:27 +00:00
dependabot[bot]	ae2d059cef	🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2 (#62 ) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](`39e692fa32...a9c83d3af6`) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-05-24 17:25:33 -07:00
dependabot[bot]	5688cc79ad	🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#58 ) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](`3f943b86c9...39e692fa32`) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-05-23 18:57:04 +00:00
laurentsimon	74840d4cc7	updates (#48 )	2022-05-06 08:44:46 -05:00
dependabot[bot]	54a8196e78	🌱 Bump github/codeql-action from 1 to 2 (#39 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-04-27 17:44:31 -07:00
Naveen	c6a59bb827	Included dependency review check (#33 ) > This action scans your pull requests for dependency changes and will raise an error if any > new dependencies have existing vulnerabilities. The action is supported > by an API endpoint that diffs the dependencies between any two revisions. - Included the https://github.com/actions/dependency-review-action Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>	2022-04-11 16:22:56 +00:00
dependabot[bot]	32e4468647	🌱 Bump actions/checkout from 2 to 3 (#15 ) * 🌱 Bump actions/checkout from 2 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * update version comment Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Asra Ali <asraa@google.com>	2022-03-31 11:37:16 -05:00
dependabot[bot]	dd8b3460a8	🌱 Bump actions/setup-go from 2.2.0 to 3 (#14 ) * 🌱 Bump actions/setup-go from 2.2.0 to 3 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](`bfdd3570ce...f6164bd8c8`) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * update version comment Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Asra Ali <asraa@google.com>	2022-03-31 11:01:25 -05:00
Joshua Lock	25528e0083	fix(codeql): fix branch wildcard (#11 ) * is a special character in YAML, so we must use quotes https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet Signed-off-by: Joshua Lock <jlock@vmware.com>	2022-03-29 18:02:06 +01:00
laurentsimon	6cdcbf9a66	Transffer from github.com/gossts/slsa-provenance (#1 )	2022-03-28 08:46:38 -07:00

35 Commits