v2.4.0
Summary
Support for BYOB-based builders released in https://github.com/slsa-framework/slsa-github-generator/releases/tag/v1.9.0
What's Changed
- chore: Update SHA256SUM.md for v2.3.0 by @ianlewis in #592
- docs: Make npm package version and name non-optional by @laurentsimon in #591
- docs: npm provenance verification from GitHub runner by @laurentsimon in #595
- chore(deps): update dependency @types/node to v18.16.9 by @renovate-bot in #596
- chore(deps): update github-actions by @renovate-bot in #597
- chore(deps): update dependency jasmine to v5 by @renovate-bot in #598
- feat: BYOB verification support by @laurentsimon in #604
- feat: Support for v1.0 verification in BYOB by @laurentsimon in #609
- feat: Use env variable to retrieve trigger workflow by @laurentsimon in #615
- test: Add test data for v1.6.0 by @ianlewis in #612
- fix: Verify the TRW tag is a semver tag by @laurentsimon in #619
- chore: Don't be verbose with tests locally by @ianlewis in #620
- fix: use ExternalParameters["source"] for the Source URI for SLSA v1.0 provenance by @asraa in #621
- test: re-generate container-based tests by @asraa in #627
- fix: revert to using resolvedDepdendencies for source verification by @asraa in #629
- refactor: Provenance tests by @ianlewis in #628
- fix(deps): update module github.com/sigstore/rekor to v1.2.0 [security] by @renovate-bot in #622
- fix: only allow hashes of 256 bits or more by @laurentsimon in #633
- fix: builder ID verification for testing by @ianlewis in #635
- feat: remove experimental on Sigstore bundle and v1.0 SLSA provenance format by @asraa in #634
- chore: update toc in README.md by @asraa in #636
- fix: allow workflow_dispatch to trigger release.yml by @ianlewis in #637
- test: add tests for v1.7.0 builders by @asraa in #638
- chore(deps): update github-actions by @renovate-bot in #607
- chore(deps): update gcr.io/distroless/base:nonroot docker digest to c623859 by @renovate-bot in #567
- fix(deps): update github.com/sigstore/protobuf-specs digest to 5ef5406 by @renovate-bot in #606
- chore(deps): update npm dev by @renovate-bot in #608
- chore(deps): update golang:1.19 docker digest to 83f9f84 by @renovate-bot in #583
- feat: Verify provenance by build type by @ianlewis in #632
- refactor: Use Go 1.20 by @ianlewis in #643
- test: Add more ProvenanceFromEnvelope tests by @ianlewis in #640
- fix: pre-submit: e2e-cli.sh artifact download by @ianlewis in #646
- refactor: Add more git utils by @ianlewis in #645
- refactor: Use full builder id by @ianlewis in #648
- feat: Use tags
vX.Y.Z-<language>for JReleaser builders by @laurentsimon in #644 - chore(deps): update github-actions by @renovate-bot in #651
- feat: move maven-plugin from slsa-github-generator by @AdamKorcz in #664
- docs: Fix maven-plugin README by @laurentsimon in #671
- feat: Verification for when sha1 is specified in BYOB TRW by @ianlewis in #641
- docs: Add example for maven verification plugin by @laurentsimon in #676
- chore: Add Kris to codeowners by @laurentsimon in #678
- feat: Print byob builder by @laurentsimon in #677
- test: Add test data for v1.8.0 by @ianlewis in #681
- chore(deps): update github-actions by @renovate-bot in #666
- feat: Non-compulsory BuilderID for BYOB Builders by @enteraga6 in #674
- chore(deps): update golang docker tag to v1.21 by @renovate-bot in #687
- chore(deps): update github-actions by @renovate-bot in #686
- feat: GCB refactor for v1.0 support by @laurentsimon in #682
- feat: Allow byob builders ref at main for e2e tests by @laurentsimon in #689
- feat: Update doc and code for Maven plugin by @laurentsimon in #680
- feat: gcb v1.0 support by @laurentsimon in #691
- feat: v1.9.0 regression tests by @laurentsimon in #696
- fix: release failure by @laurentsimon in #697
New Contributors
- @AdamKorcz made their first contribution in #664
- @enteraga6 made their first contribution in #674
Full Changelog: v2.3.0...v2.4.0
Contributors
ianlewis, asraa, and 4 other contributors