-
Notifications
You must be signed in to change notification settings - Fork 594
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generate SLSA3 provenance for all Flux components #3994
Labels
area/ci
CI related issues and pull requests
area/security
Security related issues and pull requests
umbrella-issue
Umbrella issue for tracking progress of a larger effort
Milestone
Comments
stefanprodan
added
area/ci
CI related issues and pull requests
area/security
Security related issues and pull requests
umbrella-issue
Umbrella issue for tracking progress of a larger effort
labels
Jun 21, 2023
This was referenced Jun 21, 2023
stefanprodan
changed the title
Generate SLSA3+ provenance for all Flux components
Generate SLSA3 provenance for all Flux components
Jun 23, 2023
This was referenced Jun 23, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/ci
CI related issues and pull requests
area/security
Security related issues and pull requests
umbrella-issue
Umbrella issue for tracking progress of a larger effort
All the GitOps Toolkit controllers and the Flux CLI should make use of the SLSA GitHub Generator at release time for generating non-forgeable SLSA provenance on GitHub that meets the provenance generation and isolation requirements for SLSA Build level 3 and above.
Generators:
generator_generic_slsa3
for the release assets (binaries, SBOMs, source code)generator_container_slsa3
for the multi-arch container images (DockerHub and GHCR)Add the SLSA3 generators to the following release workflows:
The text was updated successfully, but these errors were encountered: