mirror of
https://github.com/slsa-framework/slsa-verifier.git
synced 2026-05-06 00:26:39 +00:00
767ecf9e0a
re: https://github.com/slsa-framework/slsa-github-generator/issues/3750 Rekor TLog entries can now be of the type dsse v0.0.1, as when what's returned when using sigstore-go's `Bundle()`. This is to support eventual Sigstore Bundles produced by slsa-github-generator's "generic" generator, which will likely use sigstore-go's Bundle to produce attestations - https://github.com/slsa-framework/slsa-github-generator/compare/main...ramonpetgrave64-internal-builder-sigstore-bundlev2#diff-b186a0c5d9ae459b11b694f05455568453699670926d21cad06cafec3dbf895eR101 - https://github.com/slsa-framework/slsa-github-generator/actions/runs/10359750833 ## Tesing - Added unit tests with stub data - manual invocations to very both new and old attestations and bundles, with some modifications for testing purposes - https://github.com/slsa-framework/slsa-verifier/compare/main...verify-sigstore-go-Bundlev3#diff-94741068472ee694a12811cd704179dd478a9fa20a3bf45cf6ea2d4406214dc2R179 ## Followup Finish the work to produce bundles from the generic generators - https://github.com/slsa-framework/slsa-github-generator/compare/main...ramonpetgrave64-internal-builder-sigstore-bundlev2#diff-b186a0c5d9ae459b11b694f05455568453699670926d21cad06cafec3dbf895eR101 --------- Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com> Signed-off-by: Ramon Petgrave <32398091+ramonpetgrave64@users.noreply.github.com>