Improve GCB verification #221
Description
- Verify text provenance for GCB #242 human-readable part should match DSSE
- feat: Support for GCB verification #202 summary verification
- feat: Support for GCB verification #202 metadata verification
- feat: support for GCB v0.3 verification #248 Unit tests
- feat: CLI tests for GCB verification #251 CLI tests @laurentsimon
- feat: CLI tests for GCB verification #251 source.uri verification
- tag using
-subject-name - schedule workflows to check for changes in GCB builder keys and update them @asraa to investigate
- maybe check for key corruption (?)
- unit tests for keys of different type (e.g., RSA) invalid key format
- e2e tests building a container and verifying it @asraa to investigate
- Follow same structure as GHA e2e verification: verifier@main should verify all previous GCB provenance versions
- feat: add CLI tests for GCB verification #245 CLI main_test.go tests
- feat: add CLI tests for GCB verification #245 immutable-only images accepted @laurentsimon
- feat: add CLI tests for GCB verification #245 verify image on registry in CLI @laurentsimon
- Documentation for verification (immutable tag) @laurentsimon PRIORITY
- Update builderID from
@v0.2tov0.3+ with new recipe.type @laurentsimon will look into it. PRIORITY - Make the builder-id flag non-experimental
- Support builder-id without the
@vx.y@laurentsimon PRIORITY - Support for verification of GitHub tag, branch, etc available in v0.3 @laurentsimon
- blog post on slsa.dev @ianlewis @asraa to lead