github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 00:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
57 Commits 40 Branches 45 Tags
v1.1.1
Commit Graph

57 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
asraa
76a59d8413 tests: update to v1.1.1 testcases (#106) 
* update v1.1.1 testcases

Signed-off-by: Asra Ali <asraa@google.com>
v1.1.1 		2022-06-21 15:28:02 +00:00
laurentsimon
4405bf51a0 Update RELEASE.md (#107) 2022-06-21 09:51:21 -05:00
asraa
5110b6efc4 update to release 1.1.0 (#104) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 21:35:08 +00:00
asraa
5875b0a74f bump release generator version (#103) 
Signed-off-by: Asra Ali <asraa@google.com>
v1.1.0 		2022-06-20 21:12:34 +00:00
asraa
3a059ae446 fix: add verification without redis index (#97) 
* add verification without redis index

Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 15:05:20 -05:00
asraa
fbada96c2c chore: update sigstore components (#102) 
* update sigstore components

Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 12:01:58 -05:00
Naveen
40e594d552 Upgrade to go 1.18 (#100) 
The https://github.com/slsa-framework/slsa-github-generator is in go
1.18 and keeping it consistent.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-06-20 11:32:59 -05:00
dependabot[bot]
02bcbccec5 🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2 (#96) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](a9c83d3af6...1c59cdf2a9)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-17 14:43:57 -05:00
laurentsimon
73fd0b76d4 Update generator name (#94) 2022-06-14 08:34:33 +09:00
laurentsimon
16af7c8185 🐛 Retrieve branch on release triggers (#89) 
* updates

* unit test

* fixes

* updates

* typo

* unit test
 2022-06-09 13:49:33 +00:00
asraa
a717cc5512 feat: add an option to print provenance (#87) 
* add an option to print provenance

Signed-off-by: Asra Ali <asraa@google.com>

fix

Signed-off-by: Asra Ali <asraa@google.com>

* print provenaace

Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-08 13:35:59 -07:00
asraa
2a0dd1c120 Update documentation for release v1.0.0 (#85) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-07 15:53:22 -07:00
asraa
c1b6db643d fix: add v0.0.2 subfolder for builder testdata (#80) 
* add subfolder for testdata

Signed-off-by: Asra Ali <asraa@google.com>
v1.0.0 		2022-06-07 17:25:38 -05:00
laurentsimon
380627ad54 Add installation option (#83) 2022-06-07 09:39:07 -07:00
asraa
1d50070dc1 remove old refs to builders (#81) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-07 08:42:22 -07:00
asraa
0d8f412198 add tests for the e2e repository (#78) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-06 16:05:59 -05:00
asraa
c80938e298 fix prints to stdout and stderr and update README.md (#77) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-02 16:07:21 -07:00
asraa
50e8539e35 print verified provenance on stdout (#76) 
Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-06-02 09:53:00 -07:00
laurentsimon
21527372e3 📖 Release process for the verifier (#71) 
* release for the verifier

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* comments

* updates
 2022-06-02 01:20:24 +00:00
dependabot[bot]
a72bb2573e 🌱 Bump actions/setup-go from 3.1.0 to 3.2.0 (#70) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-27 07:32:03 -07:00
asraa
8596e23935 add e2e test malicious builder and cert expiry (#69) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-05-26 21:46:24 +00:00
asraa
a411040704 e2e: test signed provenance without rekor upload (#68) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-05-26 14:12:06 -07:00
laurentsimon
f9e31da2a5 Allow main branch only for trusted builder and e2e tests repos (#63) 
* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* Fix unit tests

* unit tests

* updates

* updates

* updates

* updates

* updates
v0.0.1 		2022-05-26 15:31:05 +00:00
dependabot[bot]
87c99259e0 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 (#54) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-26 15:16:27 +00:00
dependabot[bot]
8f2dd288a6 🌱 Bump github.com/google/trillian from 1.4.0 to 1.4.1 (#52) 
Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-25 00:35:03 +00:00
dependabot[bot]
ae2d059cef 🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2 (#62) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](39e692fa32...a9c83d3af6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-24 17:25:33 -07:00
dependabot[bot]
5688cc79ad 🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#58) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](3f943b86c9...39e692fa32)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-23 18:57:04 +00:00
laurentsimon
e6f7527557 Unit tests for prerelease and build semver (#60) 
* tests for prerelease and build semver

* updates
 2022-05-23 18:43:52 +00:00
laurentsimon
e1494efa25 update (#59) 2022-05-19 00:14:11 +00:00
Ian Lewis
8ad941a0f8 Add provenance only workflow (#53) 2022-05-16 08:23:48 +09:00
dependabot[bot]
cecdad7373 🌱 Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#50) 
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.24.0...v0.24.1)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-06 10:28:48 -05:00
laurentsimon
74840d4cc7 updates (#48) 2022-05-06 08:44:46 -05:00
asraa
dd34afdc3e update verifier to check environment (#47) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-05-04 11:36:03 -05:00
dependabot[bot]
6600fc3623 🌱 Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#45) 
Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.3 to 0.24.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.3...v0.24.0)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-29 14:20:34 -07:00
laurentsimon
52a0bce84d Update main.go (#44) 2022-04-29 09:28:49 +01:00
laurentsimon
28964d3fd9 exit gracefully (#43) 2022-04-28 21:39:17 +01:00
dependabot[bot]
f0ec07191c 🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#41) 
Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.7...v0.5.8)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-04-28 00:55:33 +00:00
dependabot[bot]
54a8196e78 🌱 Bump github/codeql-action from 1 to 2 (#39) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-27 17:44:31 -07:00
laurentsimon
8e3c3a760c builder name (#37) 2022-04-25 16:23:54 +00:00
laurentsimon
2400fc0838 Update doc about beta release (#38) 
* beta release

* updates
 2022-04-25 11:13:13 -05:00
laurentsimon
bb7debf054 Update name of argument (#35) 2022-04-25 10:26:40 +01:00
dependabot[bot]
a53fa7eba4 🌱 Bump github.com/sigstore/cosign from 1.7.0 to 1.7.2 (#34) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.7.0 to 1.7.2.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/compare/v1.7.0...v1.7.2)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-14 12:14:09 -05:00
Naveen
c6a59bb827 Included dependency review check (#33) 
> This action scans your pull requests for dependency changes and will raise an error if any
> new dependencies have existing vulnerabilities. The action is supported
> by an API endpoint that diffs the dependencies between any two revisions.

- Included the https://github.com/actions/dependency-review-action

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-11 16:22:56 +00:00
laurentsimon
8a9a5858a3 Update main_test.go (#28) 2022-04-06 15:29:13 +00:00
dependabot[bot]
f545957a6e 🌱 Bump github.com/sigstore/cosign from 1.6.0 to 1.7.0 (#25) 
Bumps [github.com/sigstore/cosign](https://github.com/sigstore/cosign) from 1.6.0 to 1.7.0.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-05 12:59:55 -07:00
laurentsimon
aee753f58f Add CLI tests (#23) 
* draft

* Fixes

* Add option

* comments

* comments

* comment
 2022-04-04 21:21:49 +00:00
laurentsimon
60a4eb8657 Update README.md (#24) 2022-04-04 20:46:05 +00:00
laurentsimon
2a5b8f3c58 Disable versioned tag (#22) 2022-04-04 13:16:52 -05:00
laurentsimon
cac0be23ab 📖 Add README content (#19) 
* Add README content

* typo

* comments

* comments

* fix
 2022-04-01 21:54:31 +00:00
laurentsimon
7c64c73c2a Add tag and version verification (#18) 
* Add tag verification

* fix

* fix

* fix
 2022-04-01 14:22:36 -05:00