github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 00:56:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
160 Commits 40 Branches 45 Tags
v1.4.0
Commit Graph

48 Commits

Author SHA1 Message Date
asraa
936dc46aca ci: fix path to config (#297) 
Signed-off-by: Asra Ali <asraa@google.com>

use k8s versioning to show commit and tree state

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2022-10-08 18:31:10 +00:00
asraa
93f88b9937 update version information for release (#296) 
Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2022-10-08 17:23:03 +00:00
Ian Lewis
951ae240b2 Update pre-submits (#289) 
Signed-off-by: Ian Lewis <ianlewis@google.com>

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2022-10-03 09:58:15 -05:00
WhiteSource Renovate
35fd91f381 chore(deps): update github-actions (#284) 2022-10-03 09:46:34 +09:00
WhiteSource Renovate
3ee3cca59d chore(deps): update github-actions (#274) 
Co-authored-by: asraa <asraa@google.com>
 2022-09-26 11:22:46 +00:00
kpk47
b9c3c9d87e Add a GitHub Action for installing slsa-verifier. (#246) 2022-09-22 18:58:40 +00:00
WhiteSource Renovate
aa75f1b7bb chore(deps): update github/codeql-action action to v2.1.24 (#262) 2022-09-21 16:48:34 +00:00
WhiteSource Renovate
aa6f6a56ea chore(deps): update ossf/scorecard-action action to v2 (#255) 
Co-authored-by: asraa <asraa@google.com>
 2022-09-13 14:52:53 +00:00
asraa
ff0ced42ef refactor: add subcommands and separate functionality from artifacts a… (#231) 
* refactor: add subcommands and separate functionality from artifacts and images

Signed-off-by: Asra Ali <asraa@google.com>
 2022-09-06 17:10:58 -05:00
WhiteSource Renovate
a040702c4e chore(deps): update github/codeql-action action to v2.1.22 (#249) 2022-09-06 08:40:16 -05:00
WhiteSource Renovate
2adefa0e01 chore(deps): update github-actions (#240) 
Co-authored-by: asraa <asraa@google.com>
 2022-09-02 16:01:16 +00:00
WhiteSource Renovate
106f50c7ee chore(deps): update actions/checkout action to v3 (#227) 2022-08-23 09:03:56 -05:00
WhiteSource Renovate
ab70a51d20 chore(deps): update github-actions (#222) 2022-08-22 14:47:52 -07:00
asraa
fc6a8e0499 fix invalid dir (#217) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-08-15 19:17:46 +00:00
asraa
5c43d4062f ci: add release workflow test at presubmit (#212) 
* ci: add release workflow test 

Signed-off-by: Asra Ali <asraa@google.com>
 2022-08-15 10:13:26 -05:00
asraa
108f52bac5 ci: fix path to binary for release (#210) 
Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2022-08-12 10:46:21 -07:00
WhiteSource Renovate
691fbbe75b chore(deps): update github/codeql-action action to v2.1.18 (#195) 
Co-authored-by: asraa <asraa@google.com>
 2022-08-08 16:51:08 +00:00
laurentsimon
caaf1c1b8e feat: Create a verifier as a service (#182) 
* update

* update

* update

* tests

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* comments

* update

* update

* update

* update

* update
 2022-08-03 14:29:25 -07:00
WhiteSource Renovate
8dab07b39b chore(deps): update github/codeql-action action to v2 (#168) 2022-08-03 13:11:28 -05:00
WhiteSource Renovate
ab278de311 chore(deps): update github-actions (#175) 
Co-authored-by: asraa <asraa@google.com>
 2022-08-02 19:28:36 +00:00
WhiteSource Renovate
6dc5a273c7 chore(deps): update github-actions (#165) 2022-07-25 20:31:40 +00:00
laurentsimon
05def419b2 update (#170) 2022-07-25 20:14:00 +00:00
laurentsimon
6a2f070bf8 feat: Group GHA removatebot updates (#153) 
* update

* update
 2022-07-18 16:32:46 +00:00
WhiteSource Renovate
058cb80ec1 chore(deps): update ossf/scorecard-action digest to ccd0038 (#151) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-18 13:16:08 +00:00
WhiteSource Renovate
567bb6454d chore(deps): update slsa-framework/slsa-github-generator action to v1.1.1 (#121) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 14:55:39 -05:00
WhiteSource Renovate
46cf180c2e chore(deps): update actions/setup-go digest to 84cbf80 (#120) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 18:48:53 +00:00
WhiteSource Renovate
84f7ea1baf chore(deps): update actions/dependency-review-action digest to f187f64 (#119) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 18:34:27 +00:00
WhiteSource Renovate
841a90ee17 chore(deps): update actions/upload-artifact digest to 3cea537 (#134) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 18:07:48 +00:00
WhiteSource Renovate
38278be092 chore(deps): update github/codeql-action digest to ea8fb21 (#135) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 17:42:40 +00:00
WhiteSource Renovate
fcef6ecb5d chore(deps): update ossf/scorecard-action digest to ce330fd (#136) 
Co-authored-by: asraa <asraa@google.com>
 2022-07-11 17:27:43 +00:00
Naveen
73d10ecfbf Create scorecards.yml (#130) 2022-07-07 17:09:29 -07:00
WhiteSource Renovate
83d02990d0 chore(deps): update actions/checkout digest to 2541b12 (#118) 2022-07-06 10:34:55 -05:00
WhiteSource Renovate
257a510230 Configure Renovate (#110) 
* chore(deps): add renovate.json

* Update renovate.json

* Delete dependabot.yml

Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-06-29 21:46:30 +00:00
asraa
5875b0a74f bump release generator version (#103) 
Signed-off-by: Asra Ali <asraa@google.com>
 2022-06-20 21:12:34 +00:00
Naveen
40e594d552 Upgrade to go 1.18 (#100) 
The https://github.com/slsa-framework/slsa-github-generator is in go
1.18 and keeping it consistent.

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-06-20 11:32:59 -05:00
dependabot[bot]
02bcbccec5 🌱 Bump actions/dependency-review-action from 1.0.2 to 2.0.2 (#96) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.2 to 2.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](a9c83d3af6...1c59cdf2a9)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-17 14:43:57 -05:00
dependabot[bot]
a72bb2573e 🌱 Bump actions/setup-go from 3.1.0 to 3.2.0 (#70) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](fcdc43634a...b22fbbc292)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-27 07:32:03 -07:00
laurentsimon
f9e31da2a5 Allow main branch only for trusted builder and e2e tests repos (#63) 
* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* updates

* Fix unit tests

* unit tests

* updates

* updates

* updates

* updates

* updates
 2022-05-26 15:31:05 +00:00
dependabot[bot]
87c99259e0 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0 (#54) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](f6164bd8c8...fcdc43634a)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-26 15:16:27 +00:00
dependabot[bot]
ae2d059cef 🌱 Bump actions/dependency-review-action from 1.0.1 to 1.0.2 (#62) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](39e692fa32...a9c83d3af6)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-24 17:25:33 -07:00
dependabot[bot]
5688cc79ad 🌱 Bump actions/dependency-review-action from 1.0.0 to 1.0.1 (#58) 
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.0 to 1.0.1.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](3f943b86c9...39e692fa32)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2022-05-23 18:57:04 +00:00
laurentsimon
74840d4cc7 updates (#48) 2022-05-06 08:44:46 -05:00
dependabot[bot]
54a8196e78 🌱 Bump github/codeql-action from 1 to 2 (#39) 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v1...v2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-04-27 17:44:31 -07:00
Naveen
c6a59bb827 Included dependency review check (#33) 
> This action scans your pull requests for dependency changes and will raise an error if any
> new dependencies have existing vulnerabilities. The action is supported
> by an API endpoint that diffs the dependencies between any two revisions.

- Included the https://github.com/actions/dependency-review-action

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
 2022-04-11 16:22:56 +00:00
dependabot[bot]
32e4468647 🌱 Bump actions/checkout from 2 to 3 (#15) 
* 🌱 Bump actions/checkout from 2 to 3

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:37:16 -05:00
dependabot[bot]
dd8b3460a8 🌱 Bump actions/setup-go from 2.2.0 to 3 (#14) 
* 🌱 Bump actions/setup-go from 2.2.0 to 3

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2.2.0 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](bfdd3570ce...f6164bd8c8)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>
 2022-03-31 11:01:25 -05:00
Joshua Lock
25528e0083 fix(codeql): fix branch wildcard (#11) 
* is a special character in YAML, so we must use quotes
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet

Signed-off-by: Joshua Lock <jlock@vmware.com>
 2022-03-29 18:02:06 +01:00
laurentsimon
6cdcbf9a66 Transffer from github.com/gossts/slsa-provenance (#1) 2022-03-28 08:46:38 -07:00