slsa-framework / slsa Public

Notifications You must be signed in to change notification settings
Fork 226
Star 1.6k

Code
Issues 212
Pull requests 6
Discussions
Actions
Projects 2
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

Issues: slsa-framework/slsa

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

212 Open 271 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Add figure for build environment lifecycle build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1245 opened Nov 19, 2024 by marcelamelara

Write detailed requirements/guidance for BuildEnv track build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1243 opened Nov 18, 2024 by marcelamelara

cleanup verifying-source content slsa 1.1 source-track

#1242 opened Nov 18, 2024 by zachariahcox

13 tasks

fill in or cut this bit about merge trains slsa 1.1 source-track

#1239 opened Nov 18, 2024 by zachariahcox

verifying-source should discuss verifying all the commits directly on a protected ref source-track

#1238 opened Nov 18, 2024 by zachariahcox

Which Build Threat corresponds to "pwn request"

#1235 opened Nov 12, 2024 by fproulx-boostsecurity

Add search to published doc

#1232 opened Nov 4, 2024 by shalper

Clarify 'Tamper with provenance or VSA' threat slsa 1.1

#1223 opened Oct 25, 2024 by TomHennen

Safe Expunging and 'legal' restrictions source-track

#1222 opened Oct 25, 2024 by TomHennen

Relationship of VSA's resourceUri with the attestation subject

#1219 opened Oct 24, 2024 by adityasaky

Clarify why builder level is meaningful in threats slsa 1.1

#1215 opened Oct 23, 2024 by TomHennen

Rephrase "The update did not match the code submitted to GitHub"? slsa 1.1

#1213 opened Oct 21, 2024 by TomHennen

Clarify that it's the CI's control plane that gives it privileged access build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1211 opened Oct 21, 2024 by marcelamelara

Clarify the connection between the Build and BuildEnv tracks build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1210 opened Oct 21, 2024 by marcelamelara

Summarized verification results in VSA, timeless vs. time-sensitive

#1207 opened Oct 16, 2024 by AdamZWu

Document implementation of the BuildEnv track for non-Linux environments build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1198 opened Oct 15, 2024 by marcelamelara

Add reference to TPM 2.0 spec defining "Quote" build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1197 opened Oct 15, 2024 by marcelamelara

Explicitly mention that BuildEnv L2 build platform MUST verify the SLSA Provenance OR its VSA. build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1196 opened Oct 15, 2024 by marcelamelara

Explicitly note that the build image should be included in the external parameters field of Provenance for artifacts built on BuildEnv platforms build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1195 opened Oct 15, 2024 by marcelamelara

More cleanly separate container vs. VM requirements in BuildEnv L2+ build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1192 opened Oct 15, 2024 by marcelamelara

Update threats.md to discuss SLSA Source Track source-track

#1187 opened Oct 14, 2024 by TomHennen

Cover use case of build environments without a build agent build-environment-track

Issues/PRs related to the SLSA BuildEnv track

discussion

#1185 opened Oct 11, 2024 by marcelamelara

TODO: Need mitigation description for "Use a compromised build tool" threat slsa 1.1

#1184 opened Oct 9, 2024 by lehors

TODO: Need mitigation description for "Include a vulnerable dependency" threat slsa 1.1

#1183 opened Oct 9, 2024 by lehors

TODO: Need mitigation description for "Dependency confusion" threat slsa 1.1

#1181 opened Oct 9, 2024 by lehors

Previous 1 2 3 4 5 … 8 9 Next

Previous Next

ProTip! Updated in the last three days: updated:>2024-11-21.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly