Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-05-20 15:10:28 -04:00
Code Issues Projects Releases Packages Wiki Activity

Document SLSA adoption and current level (#661)

Browse source 
* Document SLSA adoption and current level
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
This commit is contained in:
Fabian Kammel 2022-11-29 12:56:28 +01:00 committed by GitHub
parent 86bc9f4b38
commit cf49f7d755
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 132 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/docs/workflows/verify-cli.md
View file

@ -42,7 +42,7 @@ Verified OK
## Verify the provenance
Provenance attests that a software artifact was produced by a specific repository and build system invocation. For more information on provenance visit [slsa.dev](https://slsa.dev/provenance/v0.2).
Provenance attests that a software artifact was produced by a specific repository and build system invocation. For more information on provenance visit [slsa.dev](https://slsa.dev/provenance/v0.2). We've also detailed our [adoption of SLSA](../reference/slsa.md).
Just as checking the signature on the CLI proves that the CLI wasn't manipulated, checking the provenance proves that the artifact was produced by our build process and hasn't been tampered with.