slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-05-09 18:16:35 +00:00

Author	SHA1	Message	Date
laurentsimon	2184d9d604	chore: bump versions (#715 ) Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-10-10 00:27:33 +00:00
Mend Renovate	0e5b3a3d11	fix(deps): update golang.org/x/exp digest to 7918f67 (#694 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| golang.org/x/exp \| require \| digest \| `10a5072` -> `7918f67` \| --- ### ⚠ Dependency Lookup Warnings ⚠ Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information. --- ### Configuration 📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/slsa-framework/slsa-verifier). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi40My4yIiwidXBkYXRlZEluVmVyIjoiMzcuMC4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Signed-off-by: Mend Renovate <bot@renovateapp.com>	2023-10-09 09:59:53 -07:00
laurentsimon	58eede7e66	feat: gcb v1.0 support (#691 ) closes https://github.com/slsa-framework/slsa-verifier/issues/683 This is a large PR, but there is not much new code. The code adding support for v1.0 is under: - verifiers/internal/gcb/slsaprovenance/v1.0/* - verifiers/internal/gcb/slsaprovenance/provenance.go The rest is mostly some re-factoring needed Remaining is regression tests, tracked in https://github.com/slsa-framework/slsa-verifier/issues/690 --------- Signed-off-by: laurentsimon <laurentsimon@google.com> Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-08-18 17:32:58 +00:00
Ian Lewis	f025c630ac	refactor: Use Go 1.20 (#643 ) Fixes #589 --------- Signed-off-by: Ian Lewis <ianlewis@google.com>	2023-06-26 10:49:52 +09:00
Mend Renovate	dab7d387fa	fix(deps): update github.com/sigstore/protobuf-specs digest to 5ef5406 (#606 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-06-12 01:33:18 +00:00
Mend Renovate	5ca5eb0120	fix(deps): update module github.com/sigstore/rekor to v1.2.0 [security] (#622 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-06-02 09:10:53 -05:00
laurentsimon	3a4e992444	feat: verify claims in provenance match the certificate (#572 ) * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> * update Signed-off-by: laurentsimon <laurentsimon@google.com> --------- Signed-off-by: laurentsimon <laurentsimon@google.com>	2023-05-09 23:52:36 +00:00
Mend Renovate	9b6ec903b9	fix(deps): update github.com/sigstore/protobuf-specs digest to 91485b4 (#584 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-05-09 00:32:22 +09:00
asraa	467e0820b6	chore: update slsa provenance to v1 (#579 ) * chore: update slsa provenance to v1 Signed-off-by: Asra Ali <asraa@google.com> * fix import path Signed-off-by: Asra Ali <asraa@google.com> * update dsse testcases Signed-off-by: Asra Ali <asraa@google.com> * fix cosign image verification in update Signed-off-by: Asra Ali <asraa@google.com> --------- Signed-off-by: Asra Ali <asraa@google.com>	2023-05-08 15:18:16 +00:00
Mend Renovate	954a421526	fix(deps): update github.com/sigstore/protobuf-specs digest to 13e09aa (#578 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-05-01 01:35:03 +00:00
Mend Renovate	0a7e71cb09	fix(deps): update github.com/sigstore/protobuf-specs digest to b6d2576 (#559 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-19 13:34:26 +09:00
Mend Renovate	6137b13c0e	fix(deps): update github.com/sigstore/protobuf-specs digest to 4dbf10b (#553 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: Ian Lewis <ianlewis@google.com>	2023-04-11 00:20:40 +00:00
Mend Renovate	a09c6aa06a	fix(deps): update github.com/sigstore/protobuf-specs digest to c8a23a4 (#528 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Co-authored-by: asraa <asraa@google.com>	2023-03-24 13:45:48 +00:00
Mend Renovate	5fc3389c24	fix(deps): update github.com/sigstore/protobuf-specs digest to 44103a5 (#499 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-22 12:21:03 +09:00
Mend Renovate	64d1a7f5e9	fix(deps): update module github.com/sigstore/cosign/v2 to v2.0.0-rc.2 (#481 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-14 07:12:13 +09:00
asraa	5d6c770d43	feat: support branch and tag from slsa v1 provenance (#476 ) * feat: support branch and tag from slsa v1 provenance Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-02-10 21:33:16 +00:00
asraa	239c4489ce	feat: add slsa v1?draft provenance experimental support (#470 ) * feat: add slsa v1?draft provenance support Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2023-02-09 17:21:15 +00:00
Mend Renovate	69da812e1c	fix(deps): update github.com/sigstore/protobuf-specs digest to 9b722b6 (#465 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-07 20:15:42 +00:00
Mend Renovate	be04b2a04c	fix(deps): update module github.com/in-toto/in-toto-golang to v0.6.0 (#468 ) Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-02-06 08:52:55 -06:00
asraa	362bd1a331	feat: add offline bundle signature verification (#457 ) * feat: add bundle signature verification Signed-off-by: Asra Ali <asraa@google.com>	2023-02-03 09:31:40 -06:00
Mend Renovate	b0c071b496	fix(deps): update go (#453 ) Signed-off-by: Renovate Bot <bot@renovateapp.com> Signed-off-by: Renovate Bot <bot@renovateapp.com>	2023-01-25 09:52:35 -06:00
Mend Renovate	e8c3438638	fix(deps): update go (#386 ) Co-authored-by: Ian Lewis <ianlewis@google.com>	2022-12-15 01:39:54 +00:00
Shunsuke Suzuki	74fd528309	fix: fix the Go package version to v2 (#373 ) * fix: fix the package version to v2 ``` git ls-files \| grep ".go$" \| xargs -n 1 gsed -i "s\|github.com/slsa-framework/slsa-verifier\|github.com/slsa-framework/slsa-verifier/v2\|g" ``` Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * fix: fix the package version to v2 Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> * test: fix source Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com> Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>	2022-12-01 18:49:39 -08:00
WhiteSource Renovate	a5568ee8ba	fix(deps): update module github.com/spf13/cobra to v1.6.1 (#340 ) Co-authored-by: asraa <asraa@google.com>	2022-10-31 18:24:56 +00:00
Ian Lewis	c845407336	Update sigstore libraries (#326 ) * Update sigstore libraries Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * Update slsa-github-generator Signed-off-by: Ian Lewis <ianmlewis@gmail.com> * go mod tidy Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Signed-off-by: Ian Lewis <ianmlewis@gmail.com> Co-authored-by: asraa <asraa@google.com>	2022-10-27 14:36:36 +00:00
asraa	05d247fb14	rekor: use rekor client with retries (#301 ) Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2022-10-17 16:55:40 +00:00
WhiteSource Renovate	beada4bd09	fix(deps): update module github.com/go-openapi/runtime to v0.24.2 (#304 ) Co-authored-by: asraa <asraa@google.com>	2022-10-17 16:33:55 +00:00
WhiteSource Renovate	4f09605a47	fix(deps): update module github.com/sigstore/sigstore to v1.4.4 (#294 ) Co-authored-by: asraa <asraa@google.com>	2022-10-12 14:26:35 +00:00
asraa	936dc46aca	ci: fix path to config (#297 ) Signed-off-by: Asra Ali <asraa@google.com> use k8s versioning to show commit and tree state Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com>	2022-10-08 18:31:10 +00:00
WhiteSource Renovate	7bb343116e	fix(deps): update module github.com/sigstore/sigstore to v1.4.2 (#272 ) Co-authored-by: asraa <asraa@google.com>	2022-09-26 11:35:50 +00:00
WhiteSource Renovate	5f98831104	fix(deps): update module github.com/sigstore/sigstore to v1.4.1 (#263 )	2022-09-23 14:04:06 +00:00
WhiteSource Renovate	78a225d3bd	fix(deps): update module github.com/sigstore/cosign to v1.12.0 (#264 )	2022-09-19 16:33:55 -04:00
WhiteSource Renovate	cddba700c8	fix(deps): update module github.com/google/go-cmp to v0.5.9 (#253 ) Co-authored-by: asraa <asraa@google.com>	2022-09-14 17:47:23 +00:00
laurentsimon	d12dce9526	feat: CLI tests for GCB verification (#251 ) * update * update * update	2022-09-08 13:36:56 -07:00
laurentsimon	d5b56c334e	feat: add CLI tests for GCB verification (#245 ) * update * update * update * update	2022-09-02 20:42:40 +00:00
WhiteSource Renovate	0ff60a240a	fix(deps): update module github.com/sigstore/cosign to v1.11.1 (#239 ) Co-authored-by: asraa <asraa@google.com>	2022-09-01 15:31:07 +00:00
laurentsimon	26c928f5b7	Verify text provenance for GCB (#242 ) * update * update * update * update * update * comments * comments	2022-08-30 23:08:46 +00:00
WhiteSource Renovate	3fc1dbde46	fix(deps): update module github.com/sigstore/rekor to v0.11.0 (#225 )	2022-08-23 09:38:20 -05:00
WhiteSource Renovate	ab0daccd34	fix(deps): update module github.com/sigstore/cosign to v1.11.0 (#224 ) Co-authored-by: asraa <asraa@google.com>	2022-08-23 14:13:21 +00:00
WhiteSource Renovate	459608e7d8	fix(deps): update module github.com/go-openapi/swag to v0.22.3 (#215 )	2022-08-19 11:55:11 -07:00
asraa	7b4b9cde06	feat: support oci image verification (#147 ) * feat: support oci image verification Signed-off-by: Asra Ali <asraa@google.com> * add testing folder Signed-off-by: Asra Ali <asraa@google.com> * update name and make fix Signed-off-by: Asra Ali <asraa@google.com> * add tests Signed-off-by: Asra Ali <asraa@google.com> * Add initial testing Signed-off-by: Asra Ali <asraa@google.com> * updated comments Signed-off-by: Asra Ali <asraa@google.com> * update Signed-off-by: Asra Ali <asraa@google.com> * fix digest calculation Signed-off-by: Asra Ali <asraa@google.com> Signed-off-by: Asra Ali <asraa@google.com> Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>	2022-08-17 15:59:01 -05:00
WhiteSource Renovate	a7d3c61f21	fix(deps): update module github.com/sigstore/cosign to v1.10.1 (#198 ) Co-authored-by: asraa <asraa@google.com>	2022-08-08 19:18:50 +00:00
laurentsimon	caaf1c1b8e	feat: Create a verifier as a service (#182 ) * update * update * update * tests * update * update * update * update * update * update * update * update * update * update * comments * update * update * update * update * update	2022-08-03 14:29:25 -07:00
WhiteSource Renovate	cdbab2bf0a	fix(deps): update module github.com/google/trillian to v1.4.2 (#176 ) Co-authored-by: asraa <asraa@google.com>	2022-08-03 09:27:02 -05:00
WhiteSource Renovate	b911c68206	fix(deps): update module github.com/sigstore/sigstore to v1.3.1 (#177 )	2022-08-02 14:19:30 -05:00
WhiteSource Renovate	13f7935ecf	fix(deps): update module github.com/sigstore/rekor to v0.10.0 (#178 )	2022-08-01 14:06:06 -05:00
WhiteSource Renovate	fb9aeaf638	fix(deps): update module github.com/sigstore/cosign to v1.10.0 (#166 ) Co-authored-by: asraa <asraa@google.com>	2022-07-25 13:05:03 -05:00
WhiteSource Renovate	e154b5534a	fix(deps): update module github.com/slsa-framework/slsa-github-generator to v1.2.0 (#167 )	2022-07-25 10:12:15 -05:00
WhiteSource Renovate	390d18a96c	fix(deps): update module github.com/go-openapi/strfmt to v0.21.3 (#152 )	2022-07-18 08:05:26 -05:00
Naveen	3b17f9c76f	Refactor - deprecated libraries (#128 ) - Refactored to move away from github.com/google/trillian/merkle/logverifier" and github.com/google/trillian/merkle/rfc6962 - Included go mod tidy for validation - Fixes #https://github.com/slsa-framework/slsa-verifier/issues/61 Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Co-authored-by: asraa <asraa@google.com>	2022-07-12 18:57:42 +00:00

1 2

68 Commits