slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-06 16:46:57 +00:00

Author	SHA1	Message	Date
Ian Lewis	62c0dfdde9	docs: Update docs for 2.2.0 release. (#556 ) * Update SHA256SUM.md Signed-off-by: Ian Lewis <ianlewis@google.com> * Update version in docs Signed-off-by: Ian Lewis <ianlewis@google.com> --------- Signed-off-by: Ian Lewis <ianlewis@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-04-13 19:15:15 +00:00
asraa	1bbdd661a8	docs: remove duplicated table of contents (#557 ) * docs: remove duplicated table of contents Signed-off-by: Asra Ali <asraa@google.com> * fix action installation list Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com>	2023-04-13 11:43:18 -07:00
Mend Renovate	623cf20a23	fix(deps): update npm (#535 ) * fix(deps): update npm --------- Signed-off-by: Renovate Bot <bot@renovateapp.com> Signed-off-by: Ian Lewis <ianlewis@google.com> Co-authored-by: Ian Lewis <ianlewis@google.com> v2.2.0 v2.2.0-rc.0	2023-04-11 13:41:24 +09:00
Drew Roen	e7279e828e	docs: Update README.md (#541 ) Update README.md Adding an alternative option for installing slsa-verifier if you do not rely on additional tooling. The benefit of this option is improved readability. Signed-off-by: Drew Roen <102626803+drewroengoogle@users.noreply.github.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 02:24:36 +00:00
Mend Renovate	9c3152fe9f	chore(deps): update github-actions (#544 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 02:09:29 +00:00
Mend Renovate	84c3bbdd84	chore(deps): update npm dev (#534 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 10:57:38 +09:00
Mend Renovate	6137b13c0e	fix(deps): update github.com/sigstore/protobuf-specs digest to 4dbf10b (#553 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 00:20:40 +00:00
Mend Renovate	3c5abb613f	chore(deps): update dependency typescript to v5 (#545 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 00:08:54 +00:00
Ian Lewis	f96d91bdd2	fix: Support pre-releases on trusted repos (#552 ) Support pre-releases on trusted repos --------- Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-04-11 08:54:33 +09:00
asraa	b01cb9d69c	chore: report scheduled release workflow failures (#543 ) * chore: report scheduled release workflow failures Signed-off-by: Asra Ali <asraa@google.com> * fix: fix yamllint Signed-off-by: Asra Ali <asraa@google.com> * empty commit Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-03-24 23:40:49 +00:00
Mend Renovate	ed7976a0d4	chore(deps): update github-actions (#529 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-03-24 14:36:38 +00:00
Mend Renovate	a09c6aa06a	fix(deps): update github.com/sigstore/protobuf-specs digest to c8a23a4 (#528 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-03-24 13:45:48 +00:00
Mend Renovate	c4400c7475	chore(deps): update github-actions (major) (#536 ) chore(deps): update github-actions Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-03-24 08:33:31 -05:00
laurentsimon	37e3b406cb	feat: GCB tag and versioned-tag support for containers (#540 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-03-23 16:57:34 +00:00
Batuhan Apaydın	5c377787ec	feat: verification for provenance (#537 ) * verification for provenance Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> * Fix linter warnings Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> --------- Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-03-21 19:11:35 -07:00
asraa	e8ce5c0204	chore: update docs for release v2.1.0 (#530 ) * chore: update docs for release v2.1.0 Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com>	2023-03-17 15:07:25 +00:00
Ian Lewis	a1be080731	fix: Update references check (#533 ) Fix references check Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-03-17 09:54:07 -05:00
Mend Renovate	1ed3847709	chore(deps): update npm dev (#517 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> v2.1.0	2023-03-14 11:58:36 +09:00
Shunsuke Suzuki	58786d3274	chore: add a file extension ".exe" to Windows artifacts (#527 ) Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-03-10 21:57:56 +00:00
laurentsimon	20b06426ff	docs: update installation to cover the Action and to receive updates (#523 ) docs: update installation to cover the Action and to receive updates (#523) Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-03-10 15:46:04 -06:00
laurentsimon	ae38103ecf	feat: verify sourceURI for npm packages (#521 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * Update verifiers/internal/gha/provenance.go Co-authored-by: Ian Lewis <ianlewis@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-03-10 17:13:29 +00:00
asraa	5a77b25fb4	fix: fix GCB verification with git material source prefix (#519 ) Signed-off-by: Asra Ali <asraa@google.com>	2023-03-09 10:00:19 +09:00
Kevin Halk	47495c7d5b	feat: Update SLSA verifier to support a global signing key for GCB V1 which… (#509 ) * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> * Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format - new public key for "global PAE signing key" - test data and unit tests Signed-off-by: Kevin Halk <khalk@google.com> --------- Signed-off-by: Kevin Halk <khalk@google.com>	2023-03-06 16:02:30 +00:00
Mend Renovate	9f57e6add9	chore(deps): update github-actions (#502 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-03-06 00:48:50 +00:00
laurentsimon	82a12591ff	feat: npm default runner support (#495 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-03-02 21:53:29 +00:00
Ian Lewis	12910ea596	test: Add test data for v1.5.0 (#506 ) * Add test data for v1.5.0 * Fix container tests --------- Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-02-28 12:03:20 +09:00
Mend Renovate	66931c71be	chore(deps): update npm dev (#501 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-27 17:46:32 +09:00
Mend Renovate	5fc3389c24	fix(deps): update github.com/sigstore/protobuf-specs digest to 44103a5 (#499 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-22 12:21:03 +09:00
Mend Renovate	f2b8ee8fff	chore(deps): update npm dev (#497 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-22 10:52:04 +09:00
Mend Renovate	48913f6c43	chore(deps): update golang:1.19 docker digest to 7ce31d1 (#490 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-22 10:05:25 +09:00
asraa	d8c2961d82	test: add docker based spport and start adding tests (#486 ) Signed-off-by: Asra Ali <asraa@google.com>	2023-02-15 20:46:11 +00:00
Ian Lewis	a2388a3c49	ci: Add go mod tidy to renovate post update (#484 ) Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-02-13 22:32:59 +00:00
Mend Renovate	64d1a7f5e9	fix(deps): update module github.com/sigstore/cosign/v2 to v2.0.0-rc.2 (#481 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-14 07:12:13 +09:00
Mend Renovate	13b4c3e75b	chore(deps): update github/codeql-action action to v2.2.4 (#480 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-13 14:36:07 +00:00
Mend Renovate	878947f5e8	chore(deps): update npm dev (#482 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-13 09:46:28 +00:00
Mend Renovate	654a58c2af	chore(deps): update golang:1.19 docker digest to 572f680 (#469 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-13 13:19:15 +09:00
asraa	0bb98050f2	fix: use a uniform verifier interface for provenance type (#478 ) * cleanup: use a uniform verifier interface for provenance type Signed-off-by: Asra Ali <asraa@google.com> * fix experimental gateg Signed-off-by: Asra Ali <asraa@google.com> * oops Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com>	2023-02-10 14:04:12 -08:00
asraa	5d6c770d43	feat: support branch and tag from slsa v1 provenance (#476 ) * feat: support branch and tag from slsa v1 provenance Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-02-10 21:33:16 +00:00
asraa	239c4489ce	feat: add slsa v1?draft provenance experimental support (#470 ) * feat: add slsa v1?draft provenance support Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-02-09 17:21:15 +00:00
Mend Renovate	69da812e1c	fix(deps): update github.com/sigstore/protobuf-specs digest to 9b722b6 (#465 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-07 20:15:42 +00:00
Mend Renovate	53ca117e3c	chore(deps): update npm dev (#466 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-02-06 15:01:12 +00:00
Mend Renovate	be04b2a04c	fix(deps): update module github.com/in-toto/in-toto-golang to v0.6.0 (#468 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-06 08:52:55 -06:00
asraa	fec5b6a7b5	refactor: generalize provenance out of predicate type info (#463 ) * refactor: generalize provenance out of predicate type info Signed-off-by: Asra Ali <asraa@google.com>	2023-02-03 23:30:23 +00:00
asraa	362bd1a331	feat: add offline bundle signature verification (#457 ) * feat: add bundle signature verification Signed-off-by: Asra Ali <asraa@google.com>	2023-02-03 09:31:40 -06:00
Mend Renovate	0af383c2bd	chore(deps): update golang:1.19 docker digest to bb9811f (#261 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-01-30 05:50:04 -08:00
Mend Renovate	9578b3838e	chore(deps): update github-actions (#460 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-01-30 05:33:14 -08:00
Mend Renovate	3c012d278e	chore(deps): update npm dev (#459 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-01-30 05:23:26 -08:00
Pedro Nacht	5deacad765	ci: Ensure all version references are up-to-date prior to release (#447 ) * Create references.sh Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * WIP: check docs in pre-submits Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Clean up Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Fix based on comments Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Add instructions to RELEASE.md Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Check references match version in PR body Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2023-01-27 23:12:37 +00:00
asraa	2444233891	test: add builder id tests for short form (#455 ) Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-01-26 09:35:22 -06:00
asraa	bcd23c945e	chore: enable some Go linters (#456 ) * enable deadcode Signed-off-by: Asra Ali <asraa@google.com> * enable unconvert Signed-off-by: Asra Ali <asraa@google.com> * enable thelper Signed-off-by: Asra Ali <asraa@google.com> * enable stylecheck Signed-off-by: Asra Ali <asraa@google.com> * enable misspell Signed-off-by: Asra Ali <asraa@google.com> * enable gocritic Signed-off-by: Asra Ali <asraa@google.com> * enable godot Signed-off-by: Asra Ali <asraa@google.com> * enable staticcheck Signed-off-by: Asra Ali <asraa@google.com> * address experimental deadcode Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-01-25 19:51:10 +00:00

1 2 3 4 5 ...

298 Commits