This project is mirrored from Pull mirroring updated .
  1. 19 Jul, 2021 1 commit
    • Tom Hennen's avatar
      Remove source & entrypoint reqs at SLSA 1/2 · e4fb6ee2
      Tom Hennen authored
      Many builders don't necessarily have this information available to populate the provenance.
      In the interest of making the lower levels easier to adopt I propose we remove this requirement at
      the lower levels so that builders can comply without having to make major architectural changes
      or requiring that users use them in any particular manner.
  2. 12 Jul, 2021 4 commits
  3. 07 Jul, 2021 4 commits
  4. 05 Jul, 2021 3 commits
  5. 02 Jul, 2021 2 commits
  6. 01 Jul, 2021 4 commits
    • Mark Lodato's avatar
      Convert attacks table to Markdown. · 978bd0c6
      Mark Lodato authored
      This makes the table easier to maintain. Although the long lines are
      annoying, we get the benefit of not having to deal with HTML.
    • Mark Lodato's avatar
      Reformat the attacks table, fix link to reqs. · 69ff74d6
      Mark Lodato authored
      Reformat the attacks table to make it easier to maintain:
      - Remove unnecessary closing `tr` and `td` tags.
      - Merge short columns onto one line.
      - Separate each row with a blank line.
      - Break lines at natural boundaries.
      Fix a stale link to, which (a) was an absolute
      link instead of relative, (b) pointed to a file that has since been
      deleted, and (c) didn't work on since the jekyll-relative-links
      plugin only works on Markdown links, not HTML links.
    • Mark Lodato's avatar
      Merge pull request #86 from MarkLodato/npm · 3713e7da
      Mark Lodato authored
      Set up `npm run lint` to call markdownlint.
    • Mark Lodato's avatar
      Pin GH Actions and rename lint to format · 833d1a5d
      Mark Lodato authored
  7. 30 Jun, 2021 5 commits
  8. 29 Jun, 2021 7 commits
  9. 28 Jun, 2021 3 commits
  10. 25 Jun, 2021 3 commits
    • Tom Hennen's avatar
      Update · 447b5291
      Tom Hennen authored
    • Tom Hennen's avatar
      Update · 269cfe0f
      Tom Hennen authored
    • Tom Hennen's avatar
      Allow a service other than the 'build service' to generate provenance · 5f253fb9
      Tom Hennen authored
      This is just an initial thought.  We might only want this adjustment at L2 but still make the build service generate the provenance at L3+.
      On the other hand, maybe as long as the builder _reports_ the data and it's confident in that data, it would be fine for some other service to generate the provenance?
      That would allow for a 'trusted service' to translate one provenance format to another (in addition to gathering the data from API calls).
  11. 24 Jun, 2021 2 commits
  12. 23 Jun, 2021 2 commits