Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SLSA provenance to releases #10016

Open
udf2457 opened this issue Apr 24, 2024 · 0 comments
Open

Add SLSA provenance to releases #10016

udf2457 opened this issue Apr 24, 2024 · 0 comments
Milestone
Backlog

Comments

@udf2457
Copy link

udf2457 commented Apr 24, 2024

Previous request #4553 seems to have been silently brushed under the carpet by the stalebot.

Previous request was also two years ago. In the intervening period, the tooling has become more robust and easier to implement.

Therefore I am re-opening a request to add SLSA provenance to your releases.

It is easier than ever to do on on Github:

https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator

Background info:
https://docs.sigstore.dev/signing/overview/
@udf2457 udf2457 changed the title Add SLSA releases Add SLSA provenance to releases Apr 24, 2024
@brandond brandond added this to the Backlog milestone Apr 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
K3s Backlog
Status: Enhancements
Milestone
Backlog
Development

No branches or pull requests
2 participants
@brandond @udf2457