github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 00:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
96 Commits 40 Branches 45 Tags
ab278de311ba49eea65dfd4bdf5ef201115c77a7
Commit Graph

28 Commits

Author SHA1 Message Date
WhiteSource Renovate
ab278de311 chore(deps): update github-actions (#175) 
Co-authored-by: asraa <asraa@google.com>
 2022-08-02 19:28:36 +00:00
WhiteSource Renovate
6dc5a273c7 chore(deps): update github-actions (#165) 2022-07-25 20:31:40 +00:00
laurentsimon
05def419b2 update (#170) 2022-07-25 20:14:00 +00:00
laurentsimon
6a2f070bf8 feat: Group GHA removatebot updates (#153) 
* update

* update
 2022-07-18 16:32:46 +00:00
WhiteSource Renovate
058cb80ec1 chore(deps): update ossf/scorecard-action digest to ccd0038 (#151) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-18 13:16:08 +00:00
WhiteSource Renovate
567bb6454d chore(deps): update slsa-framework/slsa-github-generator action to v1.1.1 (#121) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 14:55:39 -05:00
WhiteSource Renovate
46cf180c2e chore(deps): update actions/setup-go digest to 84cbf80 (#120) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 18:48:53 +00:00
WhiteSource Renovate
84f7ea1baf chore(deps): update actions/dependency-review-action digest to f187f64 (#119) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 18:34:27 +00:00
WhiteSource Renovate
841a90ee17 chore(deps): update actions/upload-artifact digest to 3cea537 (#134) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 18:07:48 +00:00
WhiteSource Renovate
38278be092 chore(deps): update github/codeql-action digest to ea8fb21 (#135) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 17:42:40 +00:00
WhiteSource Renovate
fcef6ecb5d chore(deps): update ossf/scorecard-action digest to ce330fd (#136) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 17:27:43 +00:00
Naveen
73d10ecfbf Create scorecards.yml (#130) 2022-07-07 17:09:29 -07:00
WhiteSource Renovate
83d02990d0 chore(deps): update actions/checkout digest to 2541b12 (#118) 2022-07-06 10:34:55 -05:00
asraa
5875b0a74f bump release generator version (#103) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 21:12:34 +00:00
Naveen
40e594d552 Upgrade to go 1.18 (#100) 
The https://github.com/slsa-framework/slsa-github-generator is in go
1.18 and keeping it consistent.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-06-20 11:32:59 -05:00
dependabot[bot]
02bcbccec5 🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2 (#96) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](a9c83d3af6...1c59cdf2a9)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-17 14:43:57 -05:00
dependabot[bot]
a72bb2573e 🌱 Bump actions/setup-go from 3.1.0 to 3.2.0 (#70) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-27 07:32:03 -07:00
laurentsimon
f9e31da2a5 Allow main branch only for trusted builder and e2e tests repos (#63) 
* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* Fix unit tests

* unit tests

* updates

* updates

* updates

* updates

* updates
 2022-05-26 15:31:05 +00:00
dependabot[bot]
87c99259e0 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 (#54) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-26 15:16:27 +00:00
dependabot[bot]
ae2d059cef 🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2 (#62) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](39e692fa32...a9c83d3af6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-24 17:25:33 -07:00
dependabot[bot]
5688cc79ad 🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#58) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](3f943b86c9...39e692fa32)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-23 18:57:04 +00:00
laurentsimon
74840d4cc7 updates (#48) 2022-05-06 08:44:46 -05:00
dependabot[bot]
54a8196e78 🌱 Bump github/codeql-action from 1 to 2 (#39) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-27 17:44:31 -07:00
Naveen
c6a59bb827 Included dependency review check (#33) 
> This action scans your pull requests for dependency changes and will raise an error if any
> new dependencies have existing vulnerabilities. The action is supported
> by an API endpoint that diffs the dependencies between any two revisions.

- Included the https://github.com/actions/dependency-review-action

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-11 16:22:56 +00:00
dependabot[bot]
32e4468647 🌱 Bump actions/checkout from 2 to 3 (#15) 
* 🌱 Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:37:16 -05:00
dependabot[bot]
dd8b3460a8 🌱 Bump actions/setup-go from 2.2.0 to 3 (#14) 
* 🌱 Bump actions/setup-go from 2.2.0 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](bfdd3570ce...f6164bd8c8)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:01:25 -05:00
Joshua Lock
25528e0083 fix(codeql): fix branch wildcard (#11) 
* is a special character in YAML, so we must use quotes
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2022-03-29 18:02:06 +01:00
laurentsimon
6cdcbf9a66 Transffer from github.com/gossts/slsa-provenance (#1) 2022-03-28 08:46:38 -07:00