Skip to content
/ slsa-source-poc Public

A proof-of-concept for how the SLSA Source Track could be implemented.

License

Apache-2.0 license
2 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

slsa-framework/slsa-source-poc

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github/workflows
.github/workflows
 
 
actions/vsa_creator
actions/vsa_creator
 
 
LICENSE
LICENSE
 
 
POLICY.md
POLICY.md
 
 
README.md
README.md
 
 
renovate.json
renovate.json
 
 

Repository files navigation

slsa-source-poc

A proof-of-concept for how the SLSA Source Track could be implemented.

The code in this repository should not be relied upon for production purposes.

Status: in development

Policy

POLICY.md defines the rationale behind labeling a given commit at a particular SLSA level.

Many open questions remain.

SLSA Source VSAs

create_slsa_source_vsa.yml is a reusable workflow that is meant to create a VSA attesting to the SLSA Source Level of a given commit.

local_attest.yml is a local workflow that invokes create_slsa_source_vsa.yml.

vsa_creator is a GitHub Action that does most of the work of creating the VSA.

TODO:

  • Actually sign things
  • Store them properly
  • Higher SLSA levels

About

A proof-of-concept for how the SLSA Source Track could be implemented.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

6 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages