-
Notifications
You must be signed in to change notification settings - Fork 229
Issues: slsa-framework/slsa
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Author
Label
Projects
Milestones
Assignee
Sort
Issues list
Proposal: add a field to the VSA schema for policy violations
#1262
opened Dec 17, 2024 by
djtjwillia
Clarification for completeness of builder ID
clarification
Clarification of the spec, without changing meaning
#1261
opened Dec 16, 2024 by
arewm
Should we capture provenance for the control plane?
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
discussion
#1253
opened Dec 4, 2024 by
marcelamelara
Add figure for build environment lifecycle showing metadata/attestation flows
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1245
opened Nov 19, 2024 by
marcelamelara
Write detailed requirements/guidance for BuildEnv track
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1243
opened Nov 18, 2024 by
marcelamelara
verifying-source should discuss verifying all the commits directly on a protected ref
source-track
#1238
opened Nov 18, 2024 by
zachariahcox
Relationship of VSA's
resourceUri
with the attestation subject
#1219
opened Oct 24, 2024 by
adityasaky
Rephrase "The update did not match the code submitted to GitHub"?
slsa 1.1
#1213
opened Oct 21, 2024 by
TomHennen
Clarify that it's the CI's control plane that gives it privileged access
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1211
opened Oct 21, 2024 by
marcelamelara
Clarify the connection between the Build and BuildEnv tracks
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1210
opened Oct 21, 2024 by
marcelamelara
Summarized verification results in VSA, timeless vs. time-sensitive
#1207
opened Oct 16, 2024 by
AdamZWu
Document implementation of the BuildEnv track for non-Linux environments
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1198
opened Oct 15, 2024 by
marcelamelara
Add reference to TPM 2.0 spec defining "Quote"
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1197
opened Oct 15, 2024 by
marcelamelara
Explicitly mention that BuildEnv L2 build platform MUST verify the SLSA Provenance OR its VSA.
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1196
opened Oct 15, 2024 by
marcelamelara
Explicitly note that the build image should be included in the external parameters field of Provenance for artifacts built on BuildEnv platforms
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1195
opened Oct 15, 2024 by
marcelamelara
More cleanly separate container vs. VM requirements in BuildEnv L2+
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
#1192
opened Oct 15, 2024 by
marcelamelara
Cover use case of build environments without a build agent
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
discussion
#1185
opened Oct 11, 2024 by
marcelamelara
TODO: Need mitigation description for "Include a vulnerable dependency" threat
slsa 1.1
#1183
opened Oct 9, 2024 by
lehors
TODO: Need mitigation description for "Dependency confusion" threat
slsa 1.1
#1181
opened Oct 9, 2024 by
lehors
TODO: Need mitigation description for "Software producer intentionally submits bad code" threat
slsa 1.1
#1178
opened Oct 9, 2024 by
lehors
Previous Next
ProTip!
Follow long discussions with comments:>50.