Skip to content

Issues: slsa-framework/slsa

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

148 Open 211 Closed
148 Open 211 Closed
Author
Filter by author
Label
Filter by label
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Milestones
Filter by milestone
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Update supply-chain-threats.svg to reflect current 1.0 scope clarification Clarification of the spec, without changing meaning
#1004 opened Nov 30, 2023 by cqueern
2
Clarify threat model by highlighting trust boundaries clarification Clarification of the spec, without changing meaning
#992 opened Oct 23, 2023 by MarkLodato
Clarify Provenance is Unforgeable requirements at Build L3
#986 opened Oct 12, 2023 by marcelamelara
8
Workstream: Build Platform Operations Track workstream Major effort comprising multiple sub-issues
#985 opened Oct 11, 2023 by MarkLodato
Document how to do SLSA for ML and highlight gaps
#978 opened Oct 9, 2023 by MarkLodato
1
Workstream: SLSA Build L4 workstream Major effort comprising multiple sub-issues
#977 opened Oct 9, 2023 by MarkLodato
3 tasks
@david-a-wheeler
6
Workstream: Hardware Attested Platforms workstream Major effort comprising multiple sub-issues
#975 opened Oct 3, 2023 by chkimes
1 task
@chkimes
14
Clarify where to use SLSA Provenance vs. VSA clarification Clarification of the spec, without changing meaning
#974 opened Oct 3, 2023 by joshuagl
6
Clarifying values of verifiedLevels in VSA v1 attestation Updates to attestation formats vsa Applies to SLSA VSA spec
#968 opened Sep 20, 2023 by AdamZWu
11
Workstream: Dependency Track workstream Major effort comprising multiple sub-issues
#961 opened Aug 28, 2023 by kpk47
2
Clarifying common builder pitfalls regarding source material reporting dependencies Pull requests that update a dependency file slsa 4 Applies to a SLSA 4 requirement
#959 opened Aug 25, 2023 by AdamZWu
2
Workstream: Source Track workstream Major effort comprising multiple sub-issues
#956 opened Aug 22, 2023 by kpk47
1 task
@kpk47
7
Reframe levels page around who the consumer needs to trust
#949 opened Aug 18, 2023 by joshuagl
Rename "hosted" to "dedicated"? clarification Clarification of the spec, without changing meaning
#947 opened Aug 17, 2023 by MarkLodato
22
Standardize externalParameters for CI/CD builds provenance Applies to SLSA provenance spec
#940 opened Aug 4, 2023 by MarkLodato
13
Fix broken links to .md files shovel-ready Good issues for newcomers website Issues with the slsa.dev website
#938 opened Aug 3, 2023 by MarkLodato
@joshuagl
8
SLSA steering committee application, terms and clarity of roles
#937 opened Aug 3, 2023 by joshuagl
1
Specify a mediaType for SLSA attestations
#933 opened Jul 31, 2023 by sudo-bmitch
@marcelamelara
5
discussion: How to interpret "was built from the official source and build process" in Build L3
#926 opened Jul 21, 2023 by behnazh-w
9
discussion: What is the role of VSA?
#921 opened Jul 17, 2023 by kpk47
9
Clarification on valid in-toto statement encapsulation
#918 opened Jul 12, 2023 by AdamZWu
@kpk47
1
Tooling to help generate good squash commit messages
#913 opened Jul 11, 2023 by joshuagl
1
Workstream: Release SLSA v1.1 workstream Major effort comprising multiple sub-issues
#900 opened Jul 6, 2023 by kpk47
3 of 7 tasks
@joshuagl
7
Discussion: Possibly ambiguous language regarding the use of cache artifacts
#894 opened Jun 29, 2023 by adityasaky
14
discussion: Verifying package names discussion policy Policy / verification of provenance
#891 opened Jun 28, 2023 by ianlewis
22
ProTip! Mix and match filters to narrow down what you’re looking for.