github/slsa-verifier
1
0
Fork 0
mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-07 09:06:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
281 Commits 40 Branches 45 Tags
v2.1.0
Commit Graph

281 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mend Renovate
1ed3847709 chore(deps): update npm dev (#517) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
v2.1.0 		2023-03-14 11:58:36 +09:00
Shunsuke Suzuki
58786d3274 chore: add a file extension ".exe" to Windows artifacts (#527) 
Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-03-10 21:57:56 +00:00
laurentsimon
20b06426ff docs: update installation to cover the Action and to receive updates (#523) 
docs: update installation to cover the Action and to receive updates (#523)

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-03-10 15:46:04 -06:00
laurentsimon
ae38103ecf feat: verify sourceURI for npm packages (#521) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update verifiers/internal/gha/provenance.go

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-03-10 17:13:29 +00:00
asraa
5a77b25fb4 fix: fix GCB verification with git material source prefix (#519) 
Signed-off-by: Asra Ali <asraa@google.com>
 2023-03-09 10:00:19 +09:00
Kevin Halk
47495c7d5b feat: Update SLSA verifier to support a global signing key for GCB V1 which… (#509) 
* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

* Update SLSA verifier to support a global signing key for GCB V1 which creates the signature in a DSSE-conformant PAE format

- new public key for "global PAE signing key"
- test data and unit tests

Signed-off-by: Kevin Halk <khalk@google.com>

---------

Signed-off-by: Kevin Halk <khalk@google.com>
 2023-03-06 16:02:30 +00:00
Mend Renovate
9f57e6add9 chore(deps): update github-actions (#502) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
 2023-03-06 00:48:50 +00:00
laurentsimon
82a12591ff feat: npm default runner support (#495) 
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-03-02 21:53:29 +00:00
Ian Lewis
12910ea596 test: Add test data for v1.5.0 (#506) 
* Add test data for v1.5.0
* Fix container tests

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-02-28 12:03:20 +09:00
Mend Renovate
66931c71be chore(deps): update npm dev (#501) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-27 17:46:32 +09:00
Mend Renovate
5fc3389c24 fix(deps): update github.com/sigstore/protobuf-specs digest to 44103a5 (#499) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 12:21:03 +09:00
Mend Renovate
f2b8ee8fff chore(deps): update npm dev (#497) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 10:52:04 +09:00
Mend Renovate
48913f6c43 chore(deps): update golang:1.19 docker digest to 7ce31d1 (#490) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-22 10:05:25 +09:00
asraa
d8c2961d82 test: add docker based spport and start adding tests (#486) 
Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-15 20:46:11 +00:00
Ian Lewis
a2388a3c49 ci: Add go mod tidy to renovate post update (#484) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-02-13 22:32:59 +00:00
Mend Renovate
64d1a7f5e9 fix(deps): update module github.com/sigstore/cosign/v2 to v2.0.0-rc.2 (#481) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-14 07:12:13 +09:00
Mend Renovate
13b4c3e75b chore(deps): update github/codeql-action action to v2.2.4 (#480) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-13 14:36:07 +00:00
Mend Renovate
878947f5e8 chore(deps): update npm dev (#482) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-13 09:46:28 +00:00
Mend Renovate
654a58c2af chore(deps): update golang:1.19 docker digest to 572f680 (#469) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-13 13:19:15 +09:00
asraa
0bb98050f2 fix: use a uniform verifier interface for provenance type (#478) 
* cleanup: use a uniform verifier interface for provenance type

Signed-off-by: Asra Ali <asraa@google.com>

* fix experimental gateg

Signed-off-by: Asra Ali <asraa@google.com>

* oops

Signed-off-by: Asra Ali <asraa@google.com>

---------

Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-10 14:04:12 -08:00
asraa
5d6c770d43 feat: support branch and tag from slsa v1 provenance (#476) 
* feat: support branch and tag from slsa v1 provenance

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-10 21:33:16 +00:00
asraa
239c4489ce feat: add slsa v1?draft provenance experimental support (#470) 
* feat: add slsa v1?draft provenance support

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-09 17:21:15 +00:00
Mend Renovate
69da812e1c fix(deps): update github.com/sigstore/protobuf-specs digest to 9b722b6 (#465) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-07 20:15:42 +00:00
Mend Renovate
53ca117e3c chore(deps): update npm dev (#466) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
 2023-02-06 15:01:12 +00:00
Mend Renovate
be04b2a04c fix(deps): update module github.com/in-toto/in-toto-golang to v0.6.0 (#468) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-02-06 08:52:55 -06:00
asraa
fec5b6a7b5 refactor: generalize provenance out of predicate type info (#463) 
* refactor: generalize provenance out of predicate type info

Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-03 23:30:23 +00:00
asraa
362bd1a331 feat: add offline bundle signature verification (#457) 
* feat: add bundle signature verification

Signed-off-by: Asra Ali <asraa@google.com>
 2023-02-03 09:31:40 -06:00
Mend Renovate
0af383c2bd chore(deps): update golang:1.19 docker digest to bb9811f (#261) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-30 05:50:04 -08:00
Mend Renovate
9578b3838e chore(deps): update github-actions (#460) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-30 05:33:14 -08:00
Mend Renovate
3c012d278e chore(deps): update npm dev (#459) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-30 05:23:26 -08:00
Pedro Nacht
5deacad765 ci: Ensure all version references are up-to-date prior to release (#447) 
* Create references.sh

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* WIP: check docs in pre-submits

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Clean up

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Fix based on comments

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Add instructions to RELEASE.md

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

* Check references match version in PR body

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

---------

Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-01-27 23:12:37 +00:00
asraa
2444233891 test: add builder id tests for short form (#455) 
Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2023-01-26 09:35:22 -06:00
asraa
bcd23c945e chore: enable some Go linters (#456) 
* enable deadcode

Signed-off-by: Asra Ali <asraa@google.com>

* enable unconvert

Signed-off-by: Asra Ali <asraa@google.com>

* enable thelper

Signed-off-by: Asra Ali <asraa@google.com>

* enable stylecheck

Signed-off-by: Asra Ali <asraa@google.com>

* enable misspell

Signed-off-by: Asra Ali <asraa@google.com>

* enable gocritic

Signed-off-by: Asra Ali <asraa@google.com>

* enable godot

Signed-off-by: Asra Ali <asraa@google.com>

* enable staticcheck

Signed-off-by: Asra Ali <asraa@google.com>

* address experimental deadcode

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2023-01-25 19:51:10 +00:00
Mend Renovate
5eea7c5537 chore(deps): update github/codeql-action action to v2.1.39 (#452) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
 2023-01-25 15:59:45 +00:00
Mend Renovate
b0c071b496 fix(deps): update go (#453) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-25 09:52:35 -06:00
asraa
703fca0fbc test: add v1.4.0 build tests for gha_go gha_generic and gha_generic_container (#439) 
* test: add v1.4.0 build tests for gha_go gha_generic and gha_generic_container

Signed-off-by: Asra Ali <asraa@google.com>

* gitignore oops

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2023-01-17 16:40:09 +00:00
Mend Renovate
fb8ab2af45 chore(deps): update npm dev (#445) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-16 05:51:13 +00:00
Mend Renovate
71e72f0a1f chore(deps): update github/codeql-action action to v2.1.38 (#444) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-16 10:37:41 +09:00
Ian Lewis
1da39d7e06 ci: Add javascript to CodeQL analysis (#413) 
Signed-off-by: Ian Lewis <ianlewis@google.com>

Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-01-11 10:21:11 -06:00
Ian Lewis
771f842244 docs: Add instructions for GHA container generator (#438) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-01-11 11:34:50 +09:00
Mend Renovate
b06fbf5b04 chore(deps): update github-actions (#436) 
* chore(deps): update github-actions

Signed-off-by: Renovate Bot <bot@renovateapp.com>

* Use tag for actions/upload-artifact

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
 2023-01-09 15:28:47 +00:00
Mend Renovate
257c370894 chore(deps): update dependency prettier to v2.8.2 (#437) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-09 09:19:17 -06:00
Shunsuke Suzuki
325f12aabf chore: release assets for multiple platforms (#434) 
* chore: release assets for multiple platforms

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

* ci: release assets for windows and macOS

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

* ci: add configuration files for macOS and windows

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

* ci: remove a workflow job `if-failed`

This job is unneeded anymore.

https://github.com/slsa-framework/slsa-verifier/pull/434#discussion_r1063427948

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

* ci: move configuration files to a directory `.slsa-goreleaser`

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
 2023-01-07 00:56:30 +00:00
Shunsuke Suzuki
a4d4074bf6 ci: fix a deprecation warning (#435) 
> args
> The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
 2023-01-06 08:14:29 -06:00
Ian Lewis
452dcfac5f ci: Add large file pre-submit check (#433) 
Signed-off-by: Ian Lewis <ianlewis@google.com>
 2023-01-06 09:29:13 +09:00
asraa
844ae349df fix: remove accidental checked in binary (#432) 
Signed-off-by: Asra Ali <asraa@google.com>
 2023-01-06 08:06:43 +09:00
asraa
bad943298a ci: add verifier e2e presubmit that runs CLI at main (#430) 
* ci: add verifier e2e presubmit that runs CLI at main

Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
 2023-01-05 16:02:54 +00:00
Mend Renovate
71a4b4d2bb chore(deps): update npm dev (#428) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>
 2023-01-05 02:25:41 +00:00
asraa
dabf59b6dd fix: fix exit status on command executione errors (#429) 
Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>
 2023-01-04 10:34:51 -06:00
Mend Renovate
652ec10cf9 chore(deps): update ossf/scorecard-action action to v2.1.2 (#417) 
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Signed-off-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: asraa <asraa@google.com>
 2023-01-03 20:16:07 +00:00