github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-09 01:56:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
17 Commits 40 Branches 45 Tags
bb7debf05473eeac0dcd27469b0e1db034bfb5c8
Commit Graph

17 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
laurentsimon
bb7debf054 Update name of argument (#35) 2022-04-25 10:26:40 +01:00
dependabot[bot]
a53fa7eba4 🌱 Bump github.com/sigstore/cosign from 1.7.0 to 1.7.2 (#34) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.7.0 to 1.7.2.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v1.7.0...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-14 12:14:09 -05:00
Naveen
c6a59bb827 Included dependency review check (#33) 
> This action scans your pull requests for dependency changes and will raise an error if any
> new dependencies have existing vulnerabilities. The action is supported
> by an API endpoint that diffs the dependencies between any two revisions.

- Included the https://github.com/actions/dependency-review-action

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-11 16:22:56 +00:00
laurentsimon
8a9a5858a3 Update main_test.go (#28) 2022-04-06 15:29:13 +00:00
dependabot[bot]
f545957a6e 🌱 Bump github.com/sigstore/cosign from 1.6.0 to 1.7.0 (#25) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-05 12:59:55 -07:00
laurentsimon
aee753f58f Add CLI tests (#23) 
* draft

* Fixes

* Add option

* comments

* comments

* comment
 2022-04-04 21:21:49 +00:00
laurentsimon
60a4eb8657 Update README.md (#24) 2022-04-04 20:46:05 +00:00
laurentsimon
2a5b8f3c58 Disable versioned tag (#22) 2022-04-04 13:16:52 -05:00
laurentsimon
cac0be23ab 📖 Add README content (#19) 
* Add README content

* typo

* comments

* comments

* fix
 2022-04-01 21:54:31 +00:00
laurentsimon
7c64c73c2a Add tag and version verification (#18) 
* Add tag verification

* fix

* fix

* fix
 2022-04-01 14:22:36 -05:00
laurentsimon
095f60a0ba Option to verify branch (#13) 
* Verify branch

* remove logging

* fixes

* tidy

* tidy

* comments

* comments
 2022-03-31 12:34:42 -05:00
dependabot[bot]
32e4468647 🌱 Bump actions/checkout from 2 to 3 (#15) 
* 🌱 Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:37:16 -05:00
dependabot[bot]
dd8b3460a8 🌱 Bump actions/setup-go from 2.2.0 to 3 (#14) 
* 🌱 Bump actions/setup-go from 2.2.0 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](bfdd3570ce...f6164bd8c8)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:01:25 -05:00
Joshua Lock
25528e0083 fix(codeql): fix branch wildcard (#11) 
* is a special character in YAML, so we must use quotes
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2022-03-29 18:02:06 +01:00
laurentsimon
31311a3151 Update package names and other references (#9) 
* Update repo/project names

* update
 2022-03-29 07:41:56 -07:00
laurentsimon
6cdcbf9a66 Transffer from github.com/gossts/slsa-provenance (#1) 2022-03-28 08:46:38 -07:00
laurentsimon
8187241983 Initial commit 2022-03-25 14:01:49 -07:00