9 Commits

Author SHA1 Message Date
laurentsimon
c6d12b745c feat: Use tags vX.Y.Z-<language> for JReleaser builders (#644)
Signed-off-by: laurentsimon <laurentsimon@google.com>
2023-07-10 16:42:48 +00:00
Ian Lewis
8faf24c6dc fix: builder ID verification for testing (#635)
Fix builder ID verification for testing

Signed-off-by: Ian Lewis <ianlewis@google.com>
2023-06-06 08:32:20 -05:00
Ian Lewis
9bfbc91c5b refactor: Provenance tests (#628)
Refactors GHA provenance tests to use `testProvenance`, which makes it clearer what is actually being tested. This will also make it easier to support `buildType` as a way to have different verification logic, as the tests no longer rely on testdata with the `"https://github.com/Attestations/GitHubActionsWorkflow@v1"` build type, which isn't used by any supported builders.

A couple of updates to utilities:
- `VerifyTag` will now validate the ref returned by the `Provenance` instance.
- `VerifyBranch` will now validate the ref returned by the `Provenance` instance.
- `VerifyDigest` now supports the 160-bit `"sha1"` algo (FWIW) and will now search all subject entries even if one subject entry's algorithm does not match the expected algorithm.

---------

Signed-off-by: Ian Lewis <ianlewis@google.com>
2023-06-02 13:34:56 +09:00
laurentsimon
93d3f8c06c fix: Verify the TRW tag is a semver tag (#619)
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update verifiers/utils/builder.go

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
2023-05-26 01:15:32 +00:00
Ian Lewis
88cd40e2ee feat: Use low-perms delegator for Node.js builder (#577)
Signed-off-by: Ian Lewis <ianlewis@google.com>
2023-05-01 16:27:58 +09:00
laurentsimon
c0cadc0117 feat: support for BYOB verification (#562)
* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* Update verifiers/internal/gha/provenance.go

Co-authored-by: Ian Lewis <ianlewis@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

* update

Signed-off-by: laurentsimon <laurentsimon@google.com>

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
Signed-off-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>
2023-04-19 19:07:27 +00:00
Shunsuke Suzuki
74fd528309 fix: fix the Go package version to v2 (#373)
* fix: fix the package version to v2

```
git ls-files | grep ".go$" | xargs -n 1 gsed -i "s|github.com/slsa-framework/slsa-verifier|github.com/slsa-framework/slsa-verifier/v2|g"
```

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

* fix: fix the package version to v2

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

* test: fix source

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>

Signed-off-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
2022-12-01 18:49:39 -08:00
laurentsimon
533d347a4b feat: support builderID matching with or without semver for GHA (#257)
* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update
2022-09-15 14:32:03 -07:00
laurentsimon
b58e752378 feat: support builderID matching with or without semver for GCB (#256)
* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update

* update
2022-09-12 17:17:46 -07:00