Milestones - slsa-framework/slsa-github-generator

A framework to bring / build your own builder, allowing existing tools / GitHub Actions to be safely wrapped into a SLSA level 3 reusable workflow.

Add the ability to execute builds by running a Docker image and generate provenance for the build.

This will add a new container workflow which will allow projects to build artifacts using a docker image and generate provenance for SLSA Level 3.

A builder to build and publish packages to Maven central, using the BYOB framework

A SLSA compliant builder for https://bazel.build/ projects, using v1.0 specs

Gradle Java builder, using BYOB framework

This milestone tracks support for SLSA v1.0

This milestone will add a new reusable workflow to build and publish Node.js npm packages with that means the provenance requirements
for SLSA Level 3 by simply adding a new job to their existing GitHub Actions workflow.

This will serve as the "Trusted Builder" for npm RFC-0049.

Milestone for next release. Not particular features, mostly updates, fixes and improvements

A new reusable workflow will be developed (likely in another repository) to build Docker images from a Dockerfile.

This will add a new Dockerfile builder workflow which will allow OSS projects to generate provenance for their Docker images that satisfies the provenance requirements for SLSA Level 3.

This workflow will use the BYOB framework.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BYOB framework pre-release

Docker image based builds for arbitrary binaries

Maven package builder GA

Bazel builder GA

Gradle builder GA

BYOB framework GA

Support for SLSA v1.0

Node.js builder GA

Next release

Dockerfile builder