Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

content: draft: define how downstream users can verify the SLSA source track level of revisions #1094

Merged
merged 40 commits into from
Sep 23, 2024
Merged

content: draft: define how downstream users can verify the SLSA source track level of revisions #1094

merged 40 commits into from
Sep 23, 2024

Commits on Jul 10, 2024

  1. Initial draft of a 'source attestation'. 

    Just focusing on how to communicate levels to downstream users.

Future updates can include guidance for how to verify.

Open question: should this live here or someplace else?

refs slsa-framework#1071

Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    aa087ad View commit details
    Browse the repository at this point in the history

  2. fix spelling 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    6ebf749 View commit details
    Browse the repository at this point in the history

  3. make linter happy 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    2b076ab View commit details
    Browse the repository at this point in the history

  4. We need a list of branches that pointed to the revision.

    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    48f5301 View commit details
    Browse the repository at this point in the history

  5. make linter happy 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    d028178 View commit details
    Browse the repository at this point in the history

  6. allow other properties in verifiedLevels 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    da726cd View commit details
    Browse the repository at this point in the history

  7. resourceUri does not need refs anymore 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 10, 2024
    Configuration menu
    Copy the full SHA
    0c2d8af View commit details
    Browse the repository at this point in the history

Commits on Jul 12, 2024

  1. fully qualify git branches 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    a310289 View commit details
    Browse the repository at this point in the history

  2. make linter happy 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    1c51364 View commit details
    Browse the repository at this point in the history

  3. add instructions on how to verify 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    9b05f90 View commit details
    Browse the repository at this point in the history

  4. make linter happy 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 12, 2024
    Configuration menu
    Copy the full SHA
    62d9375 View commit details
    Browse the repository at this point in the history

Commits on Jul 25, 2024

  1. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Zachariah Cox <zachariahcox@github.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @zachariahcox
    TomHennen and zachariahcox authored Jul 25, 2024
    Configuration menu
    Copy the full SHA
    9c1b891 View commit details
    Browse the repository at this point in the history

  2. clarify tamper-proof properties, start section on evidence 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    a540709 View commit details
    Browse the repository at this point in the history

  3. Merge branch 'source_attestation' of github.com:TomHennen/slsa into s… 

    …ource_attestation
    @TomHennen
    TomHennen committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    d310507 View commit details
    Browse the repository at this point in the history

  4. flesh out Source Level Evidence 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    fd051aa View commit details
    Browse the repository at this point in the history

  5. make linter happy 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Jul 25, 2024
    Configuration menu
    Copy the full SHA
    c7e6fd7 View commit details
    Browse the repository at this point in the history

Commits on Aug 14, 2024

  1. Use standardized language for the source attestations 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 14, 2024
    Configuration menu
    Copy the full SHA
    88f4fbc View commit details
    Browse the repository at this point in the history

Commits on Aug 15, 2024

  1. merge 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 15, 2024
    Configuration menu
    Copy the full SHA
    a50bfb5 View commit details
    Browse the repository at this point in the history

  2. clarify attestations are about revisions (for the most part) 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 15, 2024
    Configuration menu
    Copy the full SHA
    c54d16b View commit details
    Browse the repository at this point in the history

  3. issuer -> verifier 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 15, 2024
    Configuration menu
    Copy the full SHA
    f8b87a4 View commit details
    Browse the repository at this point in the history

Commits on Aug 16, 2024

  1. clarify source level evidence 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 16, 2024
    Configuration menu
    Copy the full SHA
    be65286 View commit details
    Browse the repository at this point in the history

  2. detailed -> full 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 16, 2024
    Configuration menu
    Copy the full SHA
    55b7108 View commit details
    Browse the repository at this point in the history

  3. fix typo 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 16, 2024
    Configuration menu
    Copy the full SHA
    7916e37 View commit details
    Browse the repository at this point in the history

  4. more evidence examples 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 16, 2024
    Configuration menu
    Copy the full SHA
    21cadb0 View commit details
    Browse the repository at this point in the history

  5. clarify that the source track may define new types of tags 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 16, 2024
    Configuration menu
    Copy the full SHA
    858d37f View commit details
    Browse the repository at this point in the history

Commits on Aug 20, 2024

  1. clarify who the attestors are 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Aug 20, 2024
    Configuration menu
    Copy the full SHA
    72d3163 View commit details
    Browse the repository at this point in the history

Commits on Sep 9, 2024

  1. Add SCAI as example evidence 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Sep 9, 2024
    Configuration menu
    Copy the full SHA
    7f2ad75 View commit details
    Browse the repository at this point in the history

  2. Add TODOs 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Sep 9, 2024
    Configuration menu
    Copy the full SHA
    3e502cf View commit details
    Browse the repository at this point in the history

  3. 'full attestation' -> 'provenance attestation' 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Sep 9, 2024
    Configuration menu
    Copy the full SHA
    ef1eb82 View commit details
    Browse the repository at this point in the history

  4. clarify when source_branches get set 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Sep 9, 2024
    Configuration menu
    Copy the full SHA
    63d5c48 View commit details
    Browse the repository at this point in the history

Commits on Sep 13, 2024

  1. Merge branch 'main' of github.com:slsa-framework/slsa into source_att… 

    …estation
    @TomHennen
    TomHennen committed Sep 13, 2024
    Configuration menu
    Copy the full SHA
    c5ab4a9 View commit details
    Browse the repository at this point in the history

Commits on Sep 17, 2024

  1. Merge branch 'main' into source_attestation 

    Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen
    TomHennen authored Sep 17, 2024
    Configuration menu
    Copy the full SHA
    2844f59 View commit details
    Browse the repository at this point in the history

Commits on Sep 19, 2024

  1. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Zachariah Cox <zachariahcox@github.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @zachariahcox
    TomHennen and zachariahcox authored Sep 19, 2024
    Configuration menu
    Copy the full SHA
    85a6c7f View commit details
    Browse the repository at this point in the history

  2. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Zachariah Cox <zachariahcox@github.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @zachariahcox
    TomHennen and zachariahcox authored Sep 19, 2024
    Configuration menu
    Copy the full SHA
    2de9531 View commit details
    Browse the repository at this point in the history

  3. attestor->issuer and full->provenance 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Sep 19, 2024
    Configuration menu
    Copy the full SHA
    7955011 View commit details
    Browse the repository at this point in the history

Commits on Sep 20, 2024

  1. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Aditya Sirish <8928778+adityasaky@users.noreply.github.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @adityasaky
    TomHennen and adityasaky authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    fb001a4 View commit details
    Browse the repository at this point in the history

  2. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Aditya Sirish <8928778+adityasaky@users.noreply.github.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @adityasaky
    TomHennen and adityasaky authored Sep 20, 2024
    Configuration menu
    Copy the full SHA
    01a55cd View commit details
    Browse the repository at this point in the history

  3. remove old TODO 

    Signed-off-by: Tom Hennen <tomhennen@google.com>
    @TomHennen
    TomHennen committed Sep 20, 2024
    Configuration menu
    Copy the full SHA
    0741877 View commit details
    Browse the repository at this point in the history

Commits on Sep 23, 2024

  1. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Marcela Melara <marcela.melara@intel.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @marcelamelara
    TomHennen and marcelamelara authored Sep 23, 2024
    Configuration menu
    Copy the full SHA
    bd71904 View commit details
    Browse the repository at this point in the history

  2. Update docs/spec/draft/source-requirements.md 

    Co-authored-by: Marcela Melara <marcela.melara@intel.com>
Signed-off-by: Tom Hennen <TomHennen@users.noreply.github.com>
    @TomHennen @marcelamelara
    TomHennen and marcelamelara authored Sep 23, 2024
    Configuration menu
    Copy the full SHA
    b197be7 View commit details
    Browse the repository at this point in the history