|
1 | 1 | { |
2 | 2 | "metadata": { |
3 | | - "timestamps": "2022-11-09 20:35:52" |
| 3 | + "timestamps": "2023-02-15 20:15:49" |
4 | 4 | }, |
5 | 5 | "target": { |
6 | 6 | "info": { |
7 | 7 | "full_name": "urllib3/urllib3", |
8 | 8 | "local_cloned_path": "git_repos/github.com/urllib3/urllib3", |
9 | 9 | "remote_path": "https://github.com/urllib3/urllib3", |
10 | 10 | "branch": "main", |
11 | | - "commit_hash": "87a0ecee6e691fe5ff93cd000c0158deebef763b", |
12 | | - "commit_date": "2022-10-04T07:59:23-05:00" |
| 11 | + "commit_hash": "8619650a81a959b716b2f38b2a714ac1831e9a98", |
| 12 | + "commit_date": "2023-02-14T08:23:05-06:00" |
13 | 13 | }, |
14 | 14 | "provenances": { |
15 | 15 | "is_inferred": false, |
|
20 | 20 | "predicateType": "https://slsa.dev/provenance/v0.2", |
21 | 21 | "subject": [ |
22 | 22 | { |
23 | | - "name": "urllib3-1.26.12-py2.py3-none-any.whl", |
| 23 | + "name": "urllib3-1.26.14-py2.py3-none-any.whl", |
24 | 24 | "digest": { |
25 | | - "sha256": "b930dd878d5a8afb066a637fbb35144fe7901e3b209d1cd4f524bd0e9deee997" |
| 25 | + "sha256": "75edcdc2f7d85b137124a6c3c9fc3933cdeaa12ecb9a6a959f22797a0feca7e1" |
26 | 26 | } |
27 | 27 | }, |
28 | 28 | { |
29 | | - "name": "urllib3-1.26.12.tar.gz", |
| 29 | + "name": "urllib3-1.26.14.tar.gz", |
30 | 30 | "digest": { |
31 | | - "sha256": "3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e" |
| 31 | + "sha256": "076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72" |
32 | 32 | } |
33 | 33 | } |
34 | 34 | ], |
35 | 35 | "predicate": { |
36 | 36 | "builder": { |
37 | | - "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.2.0" |
| 37 | + "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.2.1" |
38 | 38 | }, |
39 | | - "buildType": "https://github.com/slsa-framework/slsa-github-generator@v1", |
| 39 | + "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", |
40 | 40 | "invocation": { |
41 | 41 | "configSource": { |
42 | | - "uri": "git+https://github.com/urllib3/urllib3@refs/tags/1.26.12", |
| 42 | + "uri": "git+https://github.com/urllib3/urllib3@refs/tags/1.26.14", |
43 | 43 | "digest": { |
44 | | - "sha1": "a5b29ac1025f9bb30f2c9b756f3b171389c2c039" |
| 44 | + "sha1": "f96a1cfc568beddf1e17ce7609609eca40780be5" |
45 | 45 | }, |
46 | 46 | "entryPoint": ".github/workflows/publish.yml" |
47 | 47 | }, |
|
52 | 52 | "github_base_ref": "", |
53 | 53 | "github_event_name": "push", |
54 | 54 | "github_event_payload": { |
55 | | - "after": "c128a2928b839dddeaa6000b21d4f2583e69a164", |
| 55 | + "after": "0f616fe3909a6e6ca9290e6f95b380bcca2a4b67", |
56 | 56 | "base_ref": null, |
57 | 57 | "before": "0000000000000000000000000000000000000000", |
58 | 58 | "commits": [], |
59 | | - "compare": "https://github.com/urllib3/urllib3/compare/1.26.12", |
| 59 | + "compare": "https://github.com/urllib3/urllib3/compare/1.26.14", |
60 | 60 | "created": true, |
61 | 61 | "deleted": false, |
62 | 62 | "forced": false, |
63 | 63 | "head_commit": { |
64 | 64 | "author": { |
65 | | - |
66 | | - "name": "Seth Michael Larson", |
67 | | - "username": "sethmlarson" |
| 65 | + |
| 66 | + "name": "Quentin Pradet", |
| 67 | + "username": "pquentin" |
68 | 68 | }, |
69 | 69 | "committer": { |
70 | | - "email": "sethmichaellarson@gmail.com", |
71 | | - "name": "Seth Michael Larson", |
72 | | - "username": "sethmlarson" |
| 70 | + "email": "noreply@github.com", |
| 71 | + "name": "GitHub", |
| 72 | + "username": "web-flow" |
73 | 73 | }, |
74 | 74 | "distinct": true, |
75 | | - "id": "a5b29ac1025f9bb30f2c9b756f3b171389c2c039", |
76 | | - "message": "Add outputs.hashes to build action", |
77 | | - "timestamp": "2022-08-22T08:14:45-05:00", |
78 | | - "tree_id": "e62873ad556d245d3f06dc46019044979253068b", |
79 | | - "url": "https://github.com/urllib3/urllib3/commit/a5b29ac1025f9bb30f2c9b756f3b171389c2c039" |
| 75 | + "id": "f96a1cfc568beddf1e17ce7609609eca40780be5", |
| 76 | + "message": "Release 1.26.14", |
| 77 | + "timestamp": "2023-01-11T06:50:04-06:00", |
| 78 | + "tree_id": "7d3cbe000e4f17a43c840672802864b6d73f19e4", |
| 79 | + "url": "https://github.com/urllib3/urllib3/commit/f96a1cfc568beddf1e17ce7609609eca40780be5" |
80 | 80 | }, |
81 | 81 | "organization": { |
82 | 82 | "avatar_url": "https://avatars.githubusercontent.com/u/26825299?v=4", |
|
96 | 96 | |
97 | 97 | "name": "sethmlarson" |
98 | 98 | }, |
99 | | - "ref": "refs/tags/1.26.12", |
| 99 | + "ref": "refs/tags/1.26.14", |
100 | 100 | "repository": { |
101 | 101 | "allow_forking": true, |
102 | 102 | "archive_url": "https://api.github.com/repos/urllib3/urllib3/{archive_format}{/ref}", |
|
119 | 119 | "downloads_url": "https://api.github.com/repos/urllib3/urllib3/downloads", |
120 | 120 | "events_url": "https://api.github.com/repos/urllib3/urllib3/events", |
121 | 121 | "fork": false, |
122 | | - "forks": 989, |
123 | | - "forks_count": 989, |
| 122 | + "forks": 1020, |
| 123 | + "forks_count": 1020, |
124 | 124 | "forks_url": "https://api.github.com/repos/urllib3/urllib3/forks", |
125 | 125 | "full_name": "urllib3/urllib3", |
126 | 126 | "git_commits_url": "https://api.github.com/repos/urllib3/urllib3/git/commits{/sha}", |
127 | 127 | "git_refs_url": "https://api.github.com/repos/urllib3/urllib3/git/refs{/sha}", |
128 | 128 | "git_tags_url": "https://api.github.com/repos/urllib3/urllib3/git/tags{/sha}", |
129 | 129 | "git_url": "git://github.com/urllib3/urllib3.git", |
| 130 | + "has_discussions": false, |
130 | 131 | "has_downloads": true, |
131 | 132 | "has_issues": true, |
132 | 133 | "has_pages": false, |
|
158 | 159 | "name": "urllib3", |
159 | 160 | "node_id": "MDEwOlJlcG9zaXRvcnkyNDEwNjc2", |
160 | 161 | "notifications_url": "https://api.github.com/repos/urllib3/urllib3/notifications{?since,all,participating}", |
161 | | - "open_issues": 110, |
162 | | - "open_issues_count": 110, |
| 162 | + "open_issues": 116, |
| 163 | + "open_issues_count": 116, |
163 | 164 | "organization": "urllib3", |
164 | 165 | "owner": { |
165 | 166 | "avatar_url": "https://avatars.githubusercontent.com/u/26825299?v=4", |
|
185 | 186 | }, |
186 | 187 | "private": false, |
187 | 188 | "pulls_url": "https://api.github.com/repos/urllib3/urllib3/pulls{/number}", |
188 | | - "pushed_at": 1661174126, |
| 189 | + "pushed_at": 1673441859, |
189 | 190 | "releases_url": "https://api.github.com/repos/urllib3/urllib3/releases{/id}", |
190 | | - "size": 6500, |
| 191 | + "size": 6874, |
191 | 192 | "ssh_url": "[email protected]:urllib3/urllib3.git", |
192 | | - "stargazers": 3131, |
193 | | - "stargazers_count": 3131, |
| 193 | + "stargazers": 3256, |
| 194 | + "stargazers_count": 3256, |
194 | 195 | "stargazers_url": "https://api.github.com/repos/urllib3/urllib3/stargazers", |
195 | 196 | "statuses_url": "https://api.github.com/repos/urllib3/urllib3/statuses/{sha}", |
196 | 197 | "subscribers_url": "https://api.github.com/repos/urllib3/urllib3/subscribers", |
|
205 | 206 | "urllib3" |
206 | 207 | ], |
207 | 208 | "trees_url": "https://api.github.com/repos/urllib3/urllib3/git/trees{/sha}", |
208 | | - "updated_at": "2022-08-22T06:37:09Z", |
| 209 | + "updated_at": "2023-01-10T14:58:11Z", |
209 | 210 | "url": "https://github.com/urllib3/urllib3", |
210 | 211 | "visibility": "public", |
211 | | - "watchers": 3131, |
212 | | - "watchers_count": 3131, |
| 212 | + "watchers": 3256, |
| 213 | + "watchers_count": 3256, |
213 | 214 | "web_commit_signoff_required": false |
214 | 215 | }, |
215 | 216 | "sender": { |
|
234 | 235 | } |
235 | 236 | }, |
236 | 237 | "github_head_ref": "", |
237 | | - "github_ref": "refs/tags/1.26.12", |
| 238 | + "github_ref": "refs/tags/1.26.14", |
238 | 239 | "github_ref_type": "tag", |
239 | 240 | "github_repository_id": "2410676", |
240 | 241 | "github_repository_owner": "urllib3", |
241 | 242 | "github_repository_owner_id": "26825299", |
242 | 243 | "github_run_attempt": "1", |
243 | | - "github_run_id": "2904159641", |
244 | | - "github_run_number": "5", |
245 | | - "github_sha1": "a5b29ac1025f9bb30f2c9b756f3b171389c2c039" |
| 244 | + "github_run_id": "3893009395", |
| 245 | + "github_run_number": "11", |
| 246 | + "github_sha1": "f96a1cfc568beddf1e17ce7609609eca40780be5" |
246 | 247 | } |
247 | 248 | }, |
248 | 249 | "metadata": { |
249 | | - "buildInvocationID": "2904159641-1", |
| 250 | + "buildInvocationID": "3893009395-1", |
250 | 251 | "completeness": { |
251 | 252 | "parameters": true, |
252 | 253 | "environment": false, |
|
256 | 257 | }, |
257 | 258 | "materials": [ |
258 | 259 | { |
259 | | - "uri": "git+https://github.com/urllib3/urllib3@refs/tags/1.26.12", |
| 260 | + "uri": "git+https://github.com/urllib3/urllib3@refs/tags/1.26.14", |
260 | 261 | "digest": { |
261 | | - "sha1": "a5b29ac1025f9bb30f2c9b756f3b171389c2c039" |
| 262 | + "sha1": "f96a1cfc568beddf1e17ce7609609eca40780be5" |
262 | 263 | } |
263 | 264 | } |
264 | 265 | ] |
|
270 | 271 | "checks": { |
271 | 272 | "summary": { |
272 | 273 | "DISABLED": 0, |
273 | | - "FAILED": 5, |
274 | | - "PASSED": 3, |
| 274 | + "FAILED": 4, |
| 275 | + "PASSED": 4, |
275 | 276 | "SKIPPED": 0, |
276 | 277 | "UNKNOWN": 0 |
277 | 278 | }, |
278 | 279 | "results": [ |
| 280 | + { |
| 281 | + "check_id": "mcn_build_script_1", |
| 282 | + "check_description": "Check if the target repo has a valid build script.", |
| 283 | + "slsa_requirements": [ |
| 284 | + "Scripted Build - SLSA Level 1" |
| 285 | + ], |
| 286 | + "justification": [ |
| 287 | + "The target repository uses build tool pip." |
| 288 | + ], |
| 289 | + "result_type": "PASSED" |
| 290 | + }, |
279 | 291 | { |
280 | 292 | "check_id": "mcn_provenance_available_1", |
281 | 293 | "check_description": "Check whether the target has intoto provenance.", |
|
302 | 314 | ], |
303 | 315 | "justification": [ |
304 | 316 | "Successfully verified level 3 provenance for the following artifacts", |
305 | | - "urllib3-1.26.12-py2.py3-none-any.whl.", |
306 | | - "urllib3-1.26.12.tar.gz." |
| 317 | + "urllib3-1.26.14-py2.py3-none-any.whl.", |
| 318 | + "urllib3-1.26.14.tar.gz." |
307 | 319 | ], |
308 | 320 | "result_type": "PASSED" |
309 | 321 | }, |
|
327 | 339 | "Build as code - SLSA Level 3" |
328 | 340 | ], |
329 | 341 | "justification": [ |
330 | | - "The target repository does not have a build tool." |
331 | | - ], |
332 | | - "result_type": "FAILED" |
333 | | - }, |
334 | | - { |
335 | | - "check_id": "mcn_build_script_1", |
336 | | - "check_description": "Check if the target repo has a valid build script.", |
337 | | - "slsa_requirements": [ |
338 | | - "Scripted Build - SLSA Level 1" |
339 | | - ], |
340 | | - "justification": [ |
341 | | - "The target repository does not have a build tool." |
| 342 | + "The target repository does not use pip to deploy." |
342 | 343 | ], |
343 | 344 | "result_type": "FAILED" |
344 | 345 | }, |
|
386 | 387 | "unique_dep_repos": 0, |
387 | 388 | "checks_summary": [ |
388 | 389 | { |
389 | | - "check_id": "mcn_policy_check_1", |
| 390 | + "check_id": "mcn_trusted_builder_level_three_1", |
390 | 391 | "num_deps_pass": 0 |
391 | 392 | }, |
392 | 393 | { |
393 | | - "check_id": "mcn_provenance_available_1", |
| 394 | + "check_id": "mcn_build_script_1", |
394 | 395 | "num_deps_pass": 0 |
395 | 396 | }, |
396 | 397 | { |
397 | | - "check_id": "mcn_build_as_code_1", |
| 398 | + "check_id": "mcn_build_service_1", |
398 | 399 | "num_deps_pass": 0 |
399 | 400 | }, |
400 | 401 | { |
401 | 402 | "check_id": "mcn_version_control_system_1", |
402 | 403 | "num_deps_pass": 0 |
403 | 404 | }, |
404 | 405 | { |
405 | | - "check_id": "mcn_trusted_builder_level_three_1", |
| 406 | + "check_id": "mcn_provenance_available_1", |
406 | 407 | "num_deps_pass": 0 |
407 | 408 | }, |
408 | 409 | { |
409 | | - "check_id": "mcn_build_script_1", |
| 410 | + "check_id": "mcn_provenance_level_three_1", |
410 | 411 | "num_deps_pass": 0 |
411 | 412 | }, |
412 | 413 | { |
413 | | - "check_id": "mcn_provenance_level_three_1", |
| 414 | + "check_id": "mcn_build_as_code_1", |
414 | 415 | "num_deps_pass": 0 |
415 | 416 | }, |
416 | 417 | { |
417 | | - "check_id": "mcn_build_service_1", |
| 418 | + "check_id": "mcn_policy_check_1", |
418 | 419 | "num_deps_pass": 0 |
419 | 420 | } |
420 | 421 | ], |
|
0 commit comments