README
¶
slsa-source-poc
A proof-of-concept for how the SLSA Source Track could be implemented.
The code in this repository should not be relied upon for production purposes.
Status: in development
Design
REQUIREMENTS_MAPPING.md defines the rationale for how this tool meets the SLSA Source Requirements.
DESIGN.md explains more specifically how the system works.
Components
compute_slsa_source.yml is a reusable workflow that is calculates a SLSA source level and produces 'source provenance' and a 'verification summary' for the revision (commit) that was just pushed.
local_attest.yml is a local workflow that invokes compute_slsa_source.yml.
slsa_with_provenance is a GitHub Action that does most of the work.
get_note is a GitHub Action that gets a git note from a commit.
store_note is a GitHub Action that stores a git note for a commit.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
pkg
|
|
|
auth/authfakes
Code generated by counterfeiter.
|
Code generated by counterfeiter. |
|
repo/repofakes
Code generated by counterfeiter.
|
Code generated by counterfeiter. |
|
sourcetool/backends/attestation/notes
Package notes implements an attestation storage backend that reads from git commit notes
|
Package notes implements an attestation storage backend that reads from git commit notes |
|
sourcetool/models/modelsfakes
Code generated by counterfeiter.
|
Code generated by counterfeiter. |
|
sourcetool/sourcetoolfakes
Code generated by counterfeiter.
|
Code generated by counterfeiter. |