-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Support for GCB verification #202
Merged
laurentsimon
merged 22 commits into
slsa-framework:main
from
laurentsimon:feat/gcbverif
Aug 24, 2022
Merged
feat: Support for GCB verification #202
laurentsimon
merged 22 commits into
slsa-framework:main
from
laurentsimon:feat/gcbverif
Aug 24, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
laurentsimon
changed the title
Support for GCB verification
[DRAFT] Support for GCB verification
Aug 9, 2022
laurentsimon
commented
Aug 9, 2022
laurentsimon
commented
Aug 9, 2022
laurentsimon
force-pushed
the
feat/gcbverif
branch
from
August 15, 2022 23:35
e21f485
to
3f03ce3
Compare
laurentsimon
changed the title
[DRAFT] Support for GCB verification
feat: Support for GCB verification
Aug 16, 2022
laurentsimon
force-pushed
the
feat/gcbverif
branch
from
August 16, 2022 22:22
985aa8c
to
47ff8a8
Compare
asraa
reviewed
Aug 17, 2022
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for starting this! Some comments. Overall, implementation of the provenance looks fine to me.
verifiers/internal/gcb/testdata/gcloud-container-invalid-slsaheader.json
Show resolved
Hide resolved
laurentsimon
commented
Aug 17, 2022
laurentsimon
commented
Aug 17, 2022
laurentsimon
commented
Aug 17, 2022
laurentsimon
force-pushed
the
feat/gcbverif
branch
from
August 18, 2022 15:09
47ff8a8
to
d2b921e
Compare
Added more tests, ready for review! |
ianlewis
reviewed
Aug 22, 2022
verifiers/internal/gcb/testdata/gcloud-container-invalid-slsaheader.json
Show resolved
Hide resolved
Signed-off-by: Asra Ali <[email protected]>
Signed-off-by: Asra Ali <[email protected]>
Signed-off-by: Asra Ali <[email protected]>
laurentsimon
force-pushed
the
feat/gcbverif
branch
from
August 23, 2022 20:50
523ffe3
to
b120989
Compare
asraa
approved these changes
Aug 24, 2022
ramonpetgrave64
pushed a commit
to ramonpetgrave64/slsa-verifier
that referenced
this pull request
Apr 18, 2024
The markdown table should have just one row. However, the example is formatted in such a way that it gets 3 rows. This is just minor cleanup, with no functional change. Co-authored-by: Ian Lewis <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR depends on #147 which should be merged.
Please verify the GCB public keys in this PR, using steps in verifiers/internal/gcb/keys/README.md.
This PR adds support for verification of GCB provenance. Some TODOS:
In a follow-up PR: #221