Please add SLSA provenance to your releases #422

Closed
udf2457 opened this issue May 26, 2024 · 2 comments
Labels: answered (Whether a question was answered or not), enhancement (New feature or request)

Comments

udf2457 commented May 26, 2024

Feature request type

enhancement

Is your feature request related to a problem? Please describe

Thank you for your work on garnet.

However, given the nature of the modern world we live in, it would be nice if you could add SLSA provenance to your releases.

Describe the solution you'd like

Add SLSA provenance to your releases.

This could be through Sigstore keyless signing, GitHub artifact attestations or any other method.

Describe alternatives you've considered

No response

Additional context

No response

@darrenge darrenge added enhancement New feature or request labels May 29, 2024
@darrenge
Contributor

I read through the SLSA provenance and it doesn't look like we can implement anything above SLSA1 because our builds are done using Azure DevOps. However, all our release files are signed using Microsoft-approved signing.

Also, we are looking into adding our containers to Microsoft Container Registry which has its own strict processes to ensure supply chain integrity.

Is there something else that you were thinking of?

@darrenge darrenge added the answered Whether a question was answered or not label Jun 10, 2024
@darrenge
Contributor

Closing out since it was answered

@github-actions github-actions bot locked and limited conversation to collaborators Aug 20, 2024