A function that transform SLSA provenance + pattern into a SLSA verification summary #153

lulf · 2023-03-15T13:24:29Z

Usage:

slsa::verify<my-policy-pattern>

The verify function takes a Provenance predicate, and performs a verification, producing a Verification Attestation Summary as described here.

Guidance on SLSA levels https://slsa.dev/spec/v0.1/requirements

The intended use is that consumers can create policies that enforce SLSA level 0-4 for their artifacts.

The text was updated successfully, but these errors were encountered:

lulf · 2023-03-15T15:10:46Z

Notes to self: I originally thought this verification function would be passed the provenance document in order to create the verification document.

Instead, the the input to the verify function could be as simple as a name and a sha256 digest, and rely produce the summary based on that.

lulf mentioned this issue Mar 15, 2023

Support for checking in-toto attestations #139

Open

5 tasks

lulf self-assigned this Mar 15, 2023

lulf changed the title ~~A function that takes as input an SLSA provenance and produces a SLSA verification summary~~ A function that transform SLSA provenance + pattern into a SLSA verification summary Mar 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

A function that transform SLSA provenance + pattern into a SLSA verification summary #153

A function that transform SLSA provenance + pattern into a SLSA verification summary #153

lulf commented Mar 15, 2023 •

edited

Loading

lulf commented Mar 15, 2023

A function that transform SLSA provenance + pattern into a SLSA verification summary #153

A function that transform SLSA provenance + pattern into a SLSA verification summary #153

Comments

lulf commented Mar 15, 2023 • edited Loading

lulf commented Mar 15, 2023

lulf commented Mar 15, 2023 •

edited

Loading