github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 09:06:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
45 Commits 40 Branches 45 Tags
v1.0.0
Commit Graph

45 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
asraa
c1b6db643d fix: add v0.0.2 subfolder for builder testdata (#80) 
* add subfolder for testdata

Signed-off-by: Asra Ali <asraa@google.com>
v1.0.0 		2022-06-07 17:25:38 -05:00
laurentsimon
380627ad54 Add installation option (#83) 2022-06-07 09:39:07 -07:00
asraa
1d50070dc1 remove old refs to builders (#81) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-07 08:42:22 -07:00
asraa
0d8f412198 add tests for the e2e repository (#78) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-06 16:05:59 -05:00
asraa
c80938e298 fix prints to stdout and stderr and update README.md (#77) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-02 16:07:21 -07:00
asraa
50e8539e35 print verified provenance on stdout (#76) 
Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-06-02 09:53:00 -07:00
laurentsimon
21527372e3 📖 Release process for the verifier (#71) 
* release for the verifier

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* comments

* updates
 2022-06-02 01:20:24 +00:00
dependabot[bot]
a72bb2573e 🌱 Bump actions/setup-go from 3.1.0 to 3.2.0 (#70) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-27 07:32:03 -07:00
asraa
8596e23935 add e2e test malicious builder and cert expiry (#69) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-05-26 21:46:24 +00:00
asraa
a411040704 e2e: test signed provenance without rekor upload (#68) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-05-26 14:12:06 -07:00
laurentsimon
f9e31da2a5 Allow main branch only for trusted builder and e2e tests repos (#63) 
* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* Fix unit tests

* unit tests

* updates

* updates

* updates

* updates

* updates
v0.0.1 		2022-05-26 15:31:05 +00:00
dependabot[bot]
87c99259e0 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 (#54) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-26 15:16:27 +00:00
dependabot[bot]
8f2dd288a6 🌱 Bump github.com/google/trillian from 1.4.0 to 1.4.1 (#52) 
Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-25 00:35:03 +00:00
dependabot[bot]
ae2d059cef 🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2 (#62) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](39e692fa32...a9c83d3af6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-24 17:25:33 -07:00
dependabot[bot]
5688cc79ad 🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#58) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](3f943b86c9...39e692fa32)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-23 18:57:04 +00:00
laurentsimon
e6f7527557 Unit tests for prerelease and build semver (#60) 
* tests for prerelease and build semver

* updates
 2022-05-23 18:43:52 +00:00
laurentsimon
e1494efa25 update (#59) 2022-05-19 00:14:11 +00:00
Ian Lewis
8ad941a0f8 Add provenance only workflow (#53) 2022-05-16 08:23:48 +09:00
dependabot[bot]
cecdad7373 🌱 Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#50) 
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-06 10:28:48 -05:00
laurentsimon
74840d4cc7 updates (#48) 2022-05-06 08:44:46 -05:00
asraa
dd34afdc3e update verifier to check environment (#47) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-05-04 11:36:03 -05:00
dependabot[bot]
6600fc3623 🌱 Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#45) 
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.3 to 0.24.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.3...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-29 14:20:34 -07:00
laurentsimon
52a0bce84d Update main.go (#44) 2022-04-29 09:28:49 +01:00
laurentsimon
28964d3fd9 exit gracefully (#43) 2022-04-28 21:39:17 +01:00
dependabot[bot]
f0ec07191c 🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#41) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.7...v0.5.8)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-04-28 00:55:33 +00:00
dependabot[bot]
54a8196e78 🌱 Bump github/codeql-action from 1 to 2 (#39) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-27 17:44:31 -07:00
laurentsimon
8e3c3a760c builder name (#37) 2022-04-25 16:23:54 +00:00
laurentsimon
2400fc0838 Update doc about beta release (#38) 
* beta release

* updates
 2022-04-25 11:13:13 -05:00
laurentsimon
bb7debf054 Update name of argument (#35) 2022-04-25 10:26:40 +01:00
dependabot[bot]
a53fa7eba4 🌱 Bump github.com/sigstore/cosign from 1.7.0 to 1.7.2 (#34) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.7.0 to 1.7.2.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v1.7.0...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-14 12:14:09 -05:00
Naveen
c6a59bb827 Included dependency review check (#33) 
> This action scans your pull requests for dependency changes and will raise an error if any
> new dependencies have existing vulnerabilities. The action is supported
> by an API endpoint that diffs the dependencies between any two revisions.

- Included the https://github.com/actions/dependency-review-action

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-11 16:22:56 +00:00
laurentsimon
8a9a5858a3 Update main_test.go (#28) 2022-04-06 15:29:13 +00:00
dependabot[bot]
f545957a6e 🌱 Bump github.com/sigstore/cosign from 1.6.0 to 1.7.0 (#25) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-05 12:59:55 -07:00
laurentsimon
aee753f58f Add CLI tests (#23) 
* draft

* Fixes

* Add option

* comments

* comments

* comment
 2022-04-04 21:21:49 +00:00
laurentsimon
60a4eb8657 Update README.md (#24) 2022-04-04 20:46:05 +00:00
laurentsimon
2a5b8f3c58 Disable versioned tag (#22) 2022-04-04 13:16:52 -05:00
laurentsimon
cac0be23ab 📖 Add README content (#19) 
* Add README content

* typo

* comments

* comments

* fix
 2022-04-01 21:54:31 +00:00
laurentsimon
7c64c73c2a Add tag and version verification (#18) 
* Add tag verification

* fix

* fix

* fix
 2022-04-01 14:22:36 -05:00
laurentsimon
095f60a0ba Option to verify branch (#13) 
* Verify branch

* remove logging

* fixes

* tidy

* tidy

* comments

* comments
 2022-03-31 12:34:42 -05:00
dependabot[bot]
32e4468647 🌱 Bump actions/checkout from 2 to 3 (#15) 
* 🌱 Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:37:16 -05:00
dependabot[bot]
dd8b3460a8 🌱 Bump actions/setup-go from 2.2.0 to 3 (#14) 
* 🌱 Bump actions/setup-go from 2.2.0 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](bfdd3570ce...f6164bd8c8)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:01:25 -05:00
Joshua Lock
25528e0083 fix(codeql): fix branch wildcard (#11) 
* is a special character in YAML, so we must use quotes
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2022-03-29 18:02:06 +01:00
laurentsimon
31311a3151 Update package names and other references (#9) 
* Update repo/project names

* update
 2022-03-29 07:41:56 -07:00
laurentsimon
6cdcbf9a66 Transffer from github.com/gossts/slsa-provenance (#1) 2022-03-28 08:46:38 -07:00
laurentsimon
8187241983 Initial commit 2022-03-25 14:01:49 -07:00