slsa-framework / slsa Public

Notifications You must be signed in to change notification settings
Fork 225
Star 1.6k

Code
Issues 213
Pull requests 3
Discussions
Actions
Projects 2
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

Issues: slsa-framework/slsa

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

213 Open 263 Closed

Author

Filter by author

Label

Filter by label

Use alt + click/return to exclude labels

or ⇧ + click/return for logical OR

Projects

Filter by project

Milestones

Filter by milestone

Assignee

Filter by who’s assigned

Assigned to nobody

Sort

Sort by

Newest Oldest Most commented Least commented Recently updated Least recently updated Best match

Most reactions

Issues list

Add search to published doc

#1232 opened Nov 4, 2024 by shalper

Clarify 'Tamper with provenance or VSA' threat slsa 1.1

#1223 opened Oct 25, 2024 by TomHennen

Safe Expunging and 'legal' restrictions source-track

#1222 opened Oct 25, 2024 by TomHennen

Relationship of VSA's resourceUri with the attestation subject

#1219 opened Oct 24, 2024 by adityasaky

Clarify why builder level is meaningful in threats slsa 1.1

#1215 opened Oct 23, 2024 by TomHennen

Rephrase "The update did not match the code submitted to GitHub"? slsa 1.1

#1213 opened Oct 21, 2024 by TomHennen

Clarify how end-users can know the expected value of resourceUri in a VSA slsa 1.1

#1212 opened Oct 21, 2024 by TomHennen

Clarify that it's the CI's control plane that gives it privileged access build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1211 opened Oct 21, 2024 by marcelamelara

Clarify the connection between the Build and BuildEnv tracks build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1210 opened Oct 21, 2024 by marcelamelara

Summarized verification results in VSA, timeless vs. time-sensitive

#1207 opened Oct 16, 2024 by AdamZWu

Document implementation of the BuildEnv track for non-Linux environments build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1198 opened Oct 15, 2024 by marcelamelara

Add reference to TPM 2.0 spec defining "Quote" build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1197 opened Oct 15, 2024 by marcelamelara

Explicitly mention that BuildEnv L2 build platform MUST verify the SLSA Provenance OR its VSA. build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1196 opened Oct 15, 2024 by marcelamelara

Explicitly note that the build image should be included in the external parameters field of Provenance for artifacts built on BuildEnv platforms build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1195 opened Oct 15, 2024 by marcelamelara

More cleanly separate container vs. VM requirements in BuildEnv L2+ build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1192 opened Oct 15, 2024 by marcelamelara

Update threats.md to discuss SLSA Source Track source-track

#1187 opened Oct 14, 2024 by TomHennen

Cover use case of build environments without a build agent build-environment-track

Issues/PRs related to the SLSA BuildEnv track

discussion

#1185 opened Oct 11, 2024 by marcelamelara

TODO: Need mitigation description for "Use a compromised build tool" threat slsa 1.1

#1184 opened Oct 9, 2024 by lehors

TODO: Need mitigation description for "Include a vulnerable dependency" threat slsa 1.1

#1183 opened Oct 9, 2024 by lehors

TODO: Need mitigation description for "Dependency confusion" threat slsa 1.1

#1181 opened Oct 9, 2024 by lehors

TODO: Need mitigation description for "Software producer intentionally submits bad code" threat slsa 1.1

#1178 opened Oct 9, 2024 by lehors

Link build environment terms to their definitions build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1177 opened Oct 8, 2024 by marcelamelara

final source track copy edit source-track spec-change

Modification to the spec (requirements, schema, etc.)

#1172 opened Oct 2, 2024 by zachariahcox

Clarify that the build executor and agent may not be on the rootfs build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1170 opened Oct 1, 2024 by marcelamelara

Document detailed attested build environment verification flow build-environment-track

Issues/PRs related to the SLSA BuildEnv track

#1169 opened Sep 30, 2024 by marcelamelara

Previous 1 2 3 4 5 … 8 9 Next

Previous Next

ProTip! Mix and match filters to narrow down what you’re looking for.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly