Skip to content

slsa-framework/example-package

Folders and files

NameName
Last commit message
Last commit date
Apr 22, 2024
Mar 27, 2024
Jul 26, 2023
Apr 22, 2024
Feb 16, 2024
Feb 16, 2024
Jan 29, 2024
Jul 27, 2022
Apr 27, 2022
Dec 8, 2023
Jun 7, 2023
Jun 9, 2022
Mar 27, 2024
Apr 3, 2024
Apr 27, 2022
Jan 29, 2024
Aug 10, 2023
Jan 26, 2024
Apr 22, 2024
Sep 19, 2022
Jun 9, 2022
Aug 11, 2023
Jan 25, 2024
Jan 25, 2024
Feb 16, 2024
Feb 16, 2024
May 29, 2023
Jan 24, 2024
Aug 15, 2023
Sep 13, 2022

Repository files navigation

Example project for SLSA

Example project builds a simple binary using a variety of SLSA-compliant builders.

The code is built using bazelisk build:

  • Bazelisk reads .bazelversion, fetches the correct version of Bazel, and then runs bazel build.
  • Bazel reads WORKSPACE, fetches the rules_go module, and then compiles the hello binary.

For GitHub Actions-based builds, the artifact is uploaded using actions/upload-artifact.

Builders

slsa-github-generator e2e test status

Project health

golangci-lint shellcheck yamllint actionlint

Node.js builder e2e tests

Event Name Status
create .github/workflows/e2e.nodejs.create.main.default.slsa3.yml
push default branch .github/workflows/e2e.nodejs.push.main.default.slsa3.yml
custom publish .github/workflows/e2e.nodejs.push.main.custom_publish.slsa3.yml
Node 16 .github/workflows/e2e.nodejs.push.main.node16.slsa3.yml
Node 18 .github/workflows/e2e.nodejs.push.main.node18.slsa3.yml
npm dist-tag .github/workflows/e2e.nodejs.push.main.disttag.slsa3.yml
non-default branch .github/workflows/e2e.nodejs.push.branch1.default.slsa3.yml
push to tag .github/workflows/e2e.nodejs.tag.main.default.slsa3.yml
push to tag (unscoped package) .github/workflows/e2e.nodejs.tag.main.unscoped.slsa3.yml
release .github/workflows/e2e.nodejs.release.main.default.slsa3.yml
workflow_dispatch .github/workflows/e2e.nodejs.workflow_dispatch.main.default.slsa3.yml

BYOB generic permissions builder e2e tests

Event Name Status
create default .github/workflows/e2e.delegator-generic.create.main.default.slsa3.yml
with sha1 .github/workflows/e2e.delegator-generic.create.main.checkout.slsa3.yml
push default branch .github/workflows/e2e.delegator-generic.push.main.default.slsa3.yml
push to tag .github/workflows/e2e.delegator-generic.tag.main.default.slsa3.yml
release default .github/workflows/e2e.delegator-generic.release.main.default.slsa3.yml
With sha1 .github/workflows/e2e.delegator-generic.release.main.checkout.slsa3.yml
workflow_dispatch default branch .github/workflows/e2e.delegator-generic.workflow_dispatch.main.default.slsa3.yml
default branch w/ sha1 .github/workflows/e2e.delegator-generic.workflow_dispatch.main.checkout.slsa3.yml
non-default branch .github/workflows/e2e.delegator-generic.workflow_dispatch.branch1.default.slsa3.yml
non-default branch w/ sha1 .github/workflows/e2e.delegator-generic.workflow_dispatch.branch1.checkout.slsa3.yml

BYOB low permissions builder e2e tests

Event Status
workflow_dispatch .github/workflows/e2e.delegator-lowperms.workflow_dispatch.main.default.slsa3.yml
release .github/workflows/e2e.delegator-lowperms.release.main.default.slsa3.yml
create .github/workflows/e2e.delegator-lowperms.create.main.default.slsa3.yml
push .github/workflows/e2e.delegator-lowperms.push.main.default.slsa3.yml
tag .github/workflows/e2e.delegator-lowperms.tag.main.default.slsa3.yml