Document detailed attested build environment verification flow #1169
Labels
build-environment-track
Issues/PRs related to the SLSA BuildEnv track
Comments
marcelamelara
added
the
build-environment-track
|
Also related comment: https://github.com/slsa-framework/slsa/pull/1115/files#r1790435248 |
|
cc @thmsbinder @ipetr0v @conradgrobler perhaps some of the oak building blocks may be useful here |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current build environment track levels spec only describes verification at a very high level. As part of the track, we need to write up a dedicated verification document that lays out all of the attestations/data needed to verify the integrity of a build environment, the policies used to verify against, attestation/policy storage, and responsible actors for each aspect.
This was also raised in
#1115 (comment)
#1115 (comment)
The text was updated successfully, but these errors were encountered: