Add SLSA provenance to your releases #22108
Labels
team-OSS
Issues for the Bazel OSS team: installation, release processBazel packaging, website
type: feature request
untriaged
Description of the feature request:
Please add SLSA provenance to your releases.
It is easy to do on on Github:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info:
https://docs.sigstore.dev/signing/overview/
Which category does this issue belong to?
No response
What underlying problem are you trying to solve with this feature?
Improve robustness against supply-chain attacks.
Which operating system are you running Bazel on?
No response
What is the output of
bazel info release
?No response
If
bazel info release
returnsdevelopment version
or(@non-git)
, tell us how you built Bazel.No response
What's the output of
git remote get-url origin; git rev-parse HEAD
?No response
Have you found anything relevant by searching the web?
No response
Any other information, logs, or outputs that you want to share?
No response
The text was updated successfully, but these errors were encountered: