New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SLSA provenance to your releases #22108

Open

udf2457 opened this issue Apr 24, 2024 · 0 comments

Labels

team-OSS type: feature request untriaged

udf2457 commented Apr 24, 2024

Description of the feature request:

Please add SLSA provenance to your releases.

It is easy to do on on Github:

https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator

Background info:
https://docs.sigstore.dev/signing/overview/

Which category does this issue belong to?

No response

What underlying problem are you trying to solve with this feature?

Improve robustness against supply-chain attacks.

Which operating system are you running Bazel on?

No response

What is the output of `bazel info release`?

No response

If `bazel info release` returns `development version` or `(@non-git)`, tell us how you built Bazel.

No response

What's the output of `git remote get-url origin; git rev-parse HEAD` ?

No response

Have you found anything relevant by searching the web?

No response

Any other information, logs, or outputs that you want to share?

No response

The text was updated successfully, but these errors were encountered:

udf2457 added type: feature request untriaged labels

udf2457 assigned iancha1992, satyanandak and sgowroji

iancha1992 unassigned sgowroji, iancha1992 and satyanandak

iancha1992 added the team-OSS label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment