slsa-verifier

mirror of https://github.com/slsa-framework/slsa-verifier.git synced 2026-02-14 17:49:58 +00:00

Files

Ramon Petgrave 7f3db9211e feat: support npm cli provenance v1 attestations (#776 )

Fixes #614, #450, #449, #515

Adds support for NPM CLIs build provenances, generated when running `npm
publish --provenance --access public` from a [GitHub Actions
workflow](5995008213/.github/workflows/npm-publish.yml (L21)).

## Testing

- added unit tests for some new helper functions
- added regression test cases

## Future work

- https://github.com/slsa-framework/slsa-verifier/issues/493, so we can
do `--print-provenance`
- implemented in
https://github.com/slsa-framework/slsa-verifier/pull/768#discussion_r1662938115

---------

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>

2024-07-30 19:46:04 +00:00

CONTRIBUTING.md

feat: workflow to update actions dist (#760 )

2024-05-06 17:56:35 -04:00

npm.md

feat: support npm cli provenance v1 attestations (#776 )

2024-07-30 19:46:04 +00:00