This project is mirrored from https://github.com/slsa-framework/slsa.git. Pull mirroring updated .
  1. 20 Jul, 2021 1 commit
  2. 19 Jul, 2021 1 commit
    • Tom Hennen's avatar
      Remove source & entrypoint reqs at SLSA 1/2 · e4fb6ee2
      Tom Hennen authored
      Many builders don't necessarily have this information available to populate the provenance.
      
      In the interest of making the lower levels easier to adopt I propose we remove this requirement at
      the lower levels so that builders can comply without having to make major architectural changes
      or requiring that users use them in any particular manner.
      e4fb6ee2
  3. 12 Jul, 2021 2 commits
  4. 30 Jun, 2021 1 commit
  5. 29 Jun, 2021 1 commit
  6. 25 Jun, 2021 3 commits
    • Tom Hennen's avatar
      Update requirements.md · 447b5291
      Tom Hennen authored
      447b5291
    • Tom Hennen's avatar
      Update requirements.md · 269cfe0f
      Tom Hennen authored
      269cfe0f
    • Tom Hennen's avatar
      Allow a service other than the 'build service' to generate provenance · 5f253fb9
      Tom Hennen authored
      This is just an initial thought.  We might only want this adjustment at L2 but still make the build service generate the provenance at L3+.
      
      On the other hand, maybe as long as the builder _reports_ the data and it's confident in that data, it would be fine for some other service to generate the provenance?
      
      That would allow for a 'trusted service' to translate one provenance format to another (in addition to gathering the data from API calls).
      5f253fb9
  7. 23 Jun, 2021 3 commits
    • Mark Lodato's avatar
      Convert Source and Common requirements to table. · a954fbde
      Mark Lodato authored
      The format now matches that of the Build requirements.
      a954fbde
    • Mark Lodato's avatar
      Properly indent HTML requirements table. · 7fafe1e8
      Mark Lodato authored
      Remove all the indentation from the requirements table to avoid
      confusion and mistakes. Previously we indented each level with one
      space, which happened to work because we never used more than three
      spaces. But this is misleading because four or more spaces are
      interpreted as a code block. Instead, do not indent the HTML table at
      all, which is what the CommonMark specification recommends.
      
      Also remove the </tr> tags because they are not needed.
      7fafe1e8
    • Mark Lodato's avatar
      Merge all requirements docs into one. · f7bdd1d8
      Mark Lodato authored
      This allows us to add a link to the top of the website, and it also
      makes it easier to see all requirements on one page.
      
      NOTE: In a future change, I will reformat the source and common
      requirements into table form, to match the build requirements.
      f7bdd1d8
  8. 14 Jun, 2021 1 commit
    • Mark Lodato's avatar
      Define build requirements; add "Parameterless". · 333ad28a
      Mark Lodato authored
      Fully define all build requirements. The document still needs an
      introduction, including diagram, threat model, and high-level
      description.
      
      Add a "Parameterless" requirement to SLSA 4, which we forgot previously.
      333ad28a
  9. 10 Jun, 2021 1 commit
    • Mark Lodato's avatar
      Add detailed source requirements. · 749007ea
      Mark Lodato authored
      This should now give enough detail that platforms can start implementing
      SLSA 1.5 and above. Further clarifications are likely needed, but this
      is a good start.
      749007ea