SLSA documentation #397
Merged
SLSA documentation #397
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
To resolve the DCO check: "To avoid having PRs blocked in the future, always include |
zachyonash
force-pushed
the
slsa-pipeline-docs
branch
from
4531150
to
36d21b7
Compare
|
Or you can use markdownlint in VS Code. |
rgreinho
reviewed
Feb 7, 2023
docs/content/docs/slsa/frsca-slsa.md
Outdated
|
|
||
| # SLSA 2 Requirements | ||
|
|
||
| 1. Source - [Version controlled](https://slsa.dev/spec/v0.1/requirements#version-controlled) ✅* |
There was a problem hiding this comment.
At the end of this line, there is an asterisk, but it is not pointing to anything.
There was a problem hiding this comment.
I placed an asterisk to just denote that it's something that the FRSCA examples cover, but it's ultimately up to the end user to ensure their source requirements are fulfilled. If it's confusing I'm happy to just take it off.
There was a problem hiding this comment.
It makes sense once you explain it 😃 Maybe you could just mention that explanation at the bottom of the list (or wherever you think it would make sense)?
or use |
pull-request-size
bot
added
size/XXL
pull-request-size
bot
added
size/L
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.38 to 2.1.39. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@515828d...a34ca99) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Signed-off-by: ZYonash <[email protected]>
The git-clone task was updated in place. This PR updates the sha256 used by vendorme. Signed-off-by: Brad Beck <[email protected]> Signed-off-by: Brad Beck <[email protected]> Signed-off-by: ZYonash <[email protected]>
This change adds documentation explaining how FRSCA is achieving various levels of SLSA compliance. Ref buildsec#231 Signed-off-by: ZYonash <[email protected]>
* Workaround for git dubious ownership error Workaround for the following error in the docs workflow: ``` fatal: detected dubious ownership in repository at '/github/workspace' To add an exception for this directory, call: git config --global --add safe.directory /github/workspace ``` Signed-off-by: Brad Beck <[email protected]> * Try new version of shalzz/zola-deploy-action Signed-off-by: Brad Beck <[email protected]> --------- Signed-off-by: Brad Beck <[email protected]> Signed-off-by: ZYonash <[email protected]>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.39 to 2.2.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@a34ca99...3ebbd71) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> Signed-off-by: ZYonash <[email protected]>
…ould fix the build error. Signed-off-by: ZYonash <[email protected]>
Signed-off-by: ZYonash <[email protected]>
This reverts commit d286ca1. Signed-off-by: ZYonash <[email protected]>
Signed-off-by: ZYonash <[email protected]>
zachyonash
force-pushed
the
slsa-pipeline-docs
branch
from
21db1dc
to
d1530f1
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change adds documentation explaining how FRSCA is achieving various levels of SLSA compliance.
Ref #231