github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-06 00:26:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
317 Commits 40 Branches 45 Tags
c9abffe4d2ab2ffa0b2ea9b2582b84164f390adc
Commit Graph

317 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mend Renovate
c9abffe4d2 chore(deps): update npm dev (#586) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
v2.3.0 v2.3.0-rc.3 		2023-05-10 00:48:36 +00:00
Ian Lewis
95e6555274 docs: Add docs for npm package verification (#587) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-05-10 00:33:29 +00:00
laurentsimon
3a4e992444 feat: verify claims in provenance match the certificate (#572) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-05-09 23:52:36 +00:00
Mend Renovate
8da58c6c6d chore(deps): update github/codeql-action action to v2.3.3 (#585) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
v2.3.0-rc.2 		2023-05-08 16:30:17 +00:00
Mend Renovate
9b6ec903b9 fix(deps): update github.com/sigstore/protobuf-specs digest to 91485b4 (#584) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-09 00:32:22 +09:00
asraa
467e0820b6 chore: update slsa provenance to v1 (#579) 
* chore: update slsa provenance to v1

Signed-off-by: Asra Ali <asraa@google.com>

* fix import path

Signed-off-by: Asra Ali <asraa@google.com>

* update dsse testcases

Signed-off-by: Asra Ali <asraa@google.com>

* fix cosign image verification in update

Signed-off-by: Asra Ali <asraa@google.com>

---------

Signed-off-by: Asra Ali <asraa@google.com>
 2023-05-08 15:18:16 +00:00
sunnyyip
030c40080b docs(gh-action): update actions installer path (#581) 
Signed-off-by: Sunny Yip <sunny@kusari.dev>
 2023-05-03 09:20:04 -07:00
Ian Lewis
88cd40e2ee feat: Use low-perms delegator for Node.js builder (#577) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
v2.3.0-rc.1 		2023-05-01 16:27:58 +09:00
Mend Renovate
5c0baa4f3e chore(deps): update npm dev (#568) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-01 11:03:55 +09:00
laurentsimon
d67e7c1da7 feat: npm: Make package name and version mandatory for verification (#576) 
Signed-off-by: laurentsimon <laurentsimon@google.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-05-01 01:48:41 +00:00
Mend Renovate
954a421526 fix(deps): update github.com/sigstore/protobuf-specs digest to 13e09aa (#578) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-01 01:35:03 +00:00
Mend Renovate
515b41ca3f chore(deps): update github/codeql-action action to v2.3.2 (#569) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-05-01 09:48:55 +09:00
Ian Lewis
2e60ff0e48 fix: Read newer attestation file format (#564) 
* Read newer attestation file format

Signed-off-by: Ian Lewis <ianlewis@google.com>

* Update error message

Signed-off-by: Ian Lewis <ianlewis@google.com>

* revert change

Signed-off-by: Ian Lewis <ianlewis@google.com>

* Update test data

Signed-off-by: Ian Lewis <ianlewis@google.com>

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
v2.3.0-rc.0 		2023-04-21 07:38:16 +09:00
laurentsimon
c0cadc0117 feat: support for BYOB verification (#562) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update verifiers/internal/gha/provenance.go

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-19 19:07:27 +00:00
Mend Renovate
0a7e71cb09 fix(deps): update github.com/sigstore/protobuf-specs digest to b6d2576 (#559) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-19 13:34:26 +09:00
Mend Renovate
fb0810e150 chore(deps): update gcr.io/distroless/base:nonroot docker digest to 42311d8 (#504) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-18 15:50:54 +09:00
Mend Renovate
a21c8747a4 chore(deps): update golang:1.19 docker digest to 9f2dd04 (#516) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-18 02:03:18 +00:00
Mend Renovate
e1ea1da472 chore(deps): update github-actions (#560) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-04-18 10:52:54 +09:00
Ian Lewis
b5000ebfc0 fix: Slack badge (#558) 
Fix slack badge

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-04-14 10:04:31 +09:00
Ian Lewis
62c0dfdde9 docs: Update docs for 2.2.0 release. (#556) 
* Update SHA256SUM.md

Signed-off-by: Ian Lewis <ianlewis@google.com>

* Update version in docs

Signed-off-by: Ian Lewis <ianlewis@google.com>

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-04-13 19:15:15 +00:00
asraa
1bbdd661a8 docs: remove duplicated table of contents (#557) 
* docs: remove duplicated table of contents

Signed-off-by: Asra Ali <asraa@google.com>

* fix action installation list

Signed-off-by: Asra Ali <asraa@google.com>

---------

Signed-off-by: Asra Ali <asraa@google.com>
 2023-04-13 11:43:18 -07:00
Mend Renovate
623cf20a23 fix(deps): update npm (#535) 
* fix(deps): update npm

---------

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
v2.2.0 v2.2.0-rc.0 		2023-04-11 13:41:24 +09:00
Drew Roen
e7279e828e docs: Update README.md (#541) 
Update README.md

Adding an alternative option for installing slsa-verifier if you do not rely on additional tooling. The benefit of this option is improved readability.

Signed-off-by: Drew Roen <102626803+drewroengoogle@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 02:24:36 +00:00
Mend Renovate
9c3152fe9f chore(deps): update github-actions (#544) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 02:09:29 +00:00
Mend Renovate
84c3bbdd84 chore(deps): update npm dev (#534) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 10:57:38 +09:00
Mend Renovate
6137b13c0e fix(deps): update github.com/sigstore/protobuf-specs digest to 4dbf10b (#553) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 00:20:40 +00:00
Mend Renovate
3c5abb613f chore(deps): update dependency typescript to v5 (#545) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 00:08:54 +00:00
Ian Lewis
f96d91bdd2 fix: Support pre-releases on trusted repos (#552) 
Support pre-releases on trusted repos

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-04-11 08:54:33 +09:00
asraa
b01cb9d69c chore: report scheduled release workflow failures (#543) 
* chore: report scheduled release workflow failures

Signed-off-by: Asra Ali <asraa@google.com>

* fix: fix yamllint

Signed-off-by: Asra Ali <asraa@google.com>

* empty commit

Signed-off-by: Asra Ali <asraa@google.com>

---------

Signed-off-by: Asra Ali <asraa@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-03-24 23:40:49 +00:00
Mend Renovate
ed7976a0d4 chore(deps): update github-actions (#529) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-03-24 14:36:38 +00:00
Mend Renovate
a09c6aa06a fix(deps): update github.com/sigstore/protobuf-specs digest to c8a23a4 (#528) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
 2023-03-24 13:45:48 +00:00
Mend Renovate
c4400c7475 chore(deps): update github-actions (major) (#536) 
chore(deps): update github-actions

Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-03-24 08:33:31 -05:00
laurentsimon
37e3b406cb feat: GCB tag and versioned-tag support for containers (#540) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-03-23 16:57:34 +00:00
Batuhan Apaydın
5c377787ec feat: verification for provenance (#537) 
* verification for provenance

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

* Fix linter warnings

Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

---------

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-03-21 19:11:35 -07:00
asraa
e8ce5c0204 chore: update docs for release v2.1.0 (#530) 
* chore: update docs for release v2.1.0

Signed-off-by: Asra Ali <asraa@google.com>

---------

Signed-off-by: Asra Ali <asraa@google.com>
 2023-03-17 15:07:25 +00:00
Ian Lewis
a1be080731 fix: Update references check (#533) 
Fix references check

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-03-17 09:54:07 -05:00
Mend Renovate
1ed3847709 chore(deps): update npm dev (#517) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
v2.1.0 		2023-03-14 11:58:36 +09:00
Shunsuke Suzuki
58786d3274 chore: add a file extension ".exe" to Windows artifacts (#527) 
Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-03-10 21:57:56 +00:00
laurentsimon
20b06426ff docs: update installation to cover the Action and to receive updates (#523) 
docs: update installation to cover the Action and to receive updates (#523)

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-03-10 15:46:04 -06:00
laurentsimon
ae38103ecf feat: verify sourceURI for npm packages (#521) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update verifiers/internal/gha/provenance.go

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-03-10 17:13:29 +00:00
asraa
5a77b25fb4 fix: fix GCB verification with git material source prefix (#519) 
Signed-off-by: Asra Ali <asraa@google.com>
 2023-03-09 10:00:19 +09:00
Kevin Halk
47495c7d5b feat: Update SLSA verifier to support a global signing key for GCB V1 which… (#509) 
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

---------

Signed-off-by: Kevin Halk <khalk@google.com>
 2023-03-06 16:02:30 +00:00
Mend Renovate
9f57e6add9 chore(deps): update github-actions (#502) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-03-06 00:48:50 +00:00
laurentsimon
82a12591ff feat: npm default runner support (#495) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-03-02 21:53:29 +00:00
Ian Lewis
12910ea596 test: Add test data for v1.5.0 (#506) 
* Add test data for v1.5.0
* Fix container tests

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-02-28 12:03:20 +09:00
Mend Renovate
66931c71be chore(deps): update npm dev (#501) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-27 17:46:32 +09:00
Mend Renovate
5fc3389c24 fix(deps): update github.com/sigstore/protobuf-specs digest to 44103a5 (#499) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 12:21:03 +09:00
Mend Renovate
f2b8ee8fff chore(deps): update npm dev (#497) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 10:52:04 +09:00
Mend Renovate
48913f6c43 chore(deps): update golang:1.19 docker digest to 7ce31d1 (#490) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 10:05:25 +09:00
asraa
d8c2961d82 test: add docker based spport and start adding tests (#486) 
Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-15 20:46:11 +00:00