diff --git a/scripts/dev_scripts/integration_tests.sh b/scripts/dev_scripts/integration_tests.sh index 2f3230c76..c57da3749 100755 --- a/scripts/dev_scripts/integration_tests.sh +++ b/scripts/dev_scripts/integration_tests.sh @@ -577,6 +577,17 @@ fi rm -rf "$SOURCE_REPO" rm -rf "$TARGET_REPO" +echo -e "\n----------------------------------------------------------------------------------" +echo "Running the analysis with all checks excluded. This test should return an error code." +echo -e "----------------------------------------------------------------------------------\n" +$RUN_MACARON -dp tests/e2e/defaults/exclude_all_checks.ini analyze -rp https://github.com/apache/maven --skip-deps + +if [ $? -eq 0 ]; +then + echo -e "Expect non-zero status code but got $?." + log_fail +fi + echo -e "\n----------------------------------------------------------------------------------" echo "apache/maven: test analyzing without the environment variable GITHUB_TOKEN being set." echo -e "----------------------------------------------------------------------------------\n" 
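Review bot: The new negative test passes on any failure of the run, not only on the intended refusal to start with every check excluded, because `if [ $? -eq 0 ]` only separates zero from non-zero. The defaults file is also given as a relative path (`tests/e2e/defaults/exclude_all_checks.ini`) while the other added tests build their paths from `$WORKSPACE`, so a run from another directory would presumably fail for the wrong reason and still count as a pass. Inside the `then` branch, `$?` is the status of the `[` test rather than of the Macaron run. Capture the status first with `status=$?` straight after the command and test `if [ "$status" -eq 0 ]`. Consider also checking the output for the "There are no checks to run" message that `Registry.prepare` logs.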
@@ -626,12 +637,24 @@ fi # Testing the CUE provenance expectation verifier. echo -e "\n----------------------------------------------------------------------------------" -echo "Test verifying CUE provenance expectation." +echo "Test verifying CUE provenance expectation for ossf/scorecard" +echo -e "----------------------------------------------------------------------------------\n" +JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/scorecard/scorecard.json +JSON_RESULT=$WORKSPACE/output/reports/github/ossf/scorecard/scorecard.json +DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/scorecard.ini +EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue +$RUN_MACARON -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail + +check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail + +echo -e "\n----------------------------------------------------------------------------------" +echo "Test verifying CUE provenance expectation for slsa-verifier" echo -e "----------------------------------------------------------------------------------\n" JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json JSON_RESULT=$WORKSPACE/output/reports/github.com/slsa-framework/slsa-verifier/slsa-verifier.json EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue -$RUN_MACARON analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail +DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/slsa_verifier.ini +$RUN_MACARON -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail check_or_update_expected_output 
$COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail @@ -648,16 +671,15 @@ check_or_update_expected_output $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || # Testing the Souffle policy engine. echo -e "\n----------------------------------------------------------------------------------" -echo "Run policy CLI with slsa-verifier results." +echo "Run policy CLI with scorecard results." echo -e "----------------------------------------------------------------------------------\n" RUN_POLICY="macaron verify-policy" -POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/valid/slsa-verifier.dl +POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/scorecard/scorecard.dl POLICY_RESULT=$WORKSPACE/output/policy_report.json -POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/policy_report.json +POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json VSA_RESULT=$WORKSPACE/output/vsa.intoto.jsonl -VSA_PAYLOAD_EXPECTED=$WORKSPACE/tests/vsa/integration/github_slsa-framework_slsa-verifier/vsa_payload.json +VSA_PAYLOAD_EXPECTED=$WORKSPACE/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json -# Run policy engine on the database and compare results. $RUN_POLICY -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db" || log_fail check_or_update_expected_output $COMPARE_POLICIES $POLICY_RESULT $POLICY_EXPECTED || log_fail check_or_update_expected_output "$COMPARE_VSA" "$VSA_RESULT" "$VSA_PAYLOAD_EXPECTED" || log_fail diff --git a/scripts/dev_scripts/integration_tests_docker.sh b/scripts/dev_scripts/integration_tests_docker.sh index 7d407baac..8ceb92df6 100755 --- a/scripts/dev_scripts/integration_tests_docker.sh +++ b/scripts/dev_scripts/integration_tests_docker.sh 
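Review bot: The added scorecard block expands `$DEFAULTS_FILE`, `$EXPECTATION_FILE`, `$JSON_RESULT` and `$JSON_EXPECTED` unquoted, so a `$WORKSPACE` containing spaces or glob characters would split or expand the arguments. Quote them, e.g. `$RUN_MACARON -dp "$DEFAULTS_FILE" analyze -pe "$EXPECTATION_FILE" -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail`, as the `$COMPARE_VSA` line further down already does. The same applies to the added lines in the `@@ -124` and `@@ -131` hunks of integration_tests_docker.sh. The scorecard target is selected by tag (`@v4.13.1`), which can be moved, whereas the slsa-verifier run pins a commit with `-d`. Presumably the `commit_hash` in the expected JSON is what would surface a retag here.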
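Review bot: `VSA_PAYLOAD_EXPECTED` now points at `tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json`, but the repository analysed for this policy run is `ossf/scorecard`, so the fixture directory name carries the wrong organisation. A name such as `github_ossf_scorecard` would follow the pattern of the `github_slsa-framework_slsa-verifier` directory it replaces. The same path is added in the `@@ -131` hunk of integration_tests_docker.sh. The removed comment `# Run policy engine on the database and compare results.` still describes the three commands that follow and could stay.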
@@ -124,6 +124,17 @@ $RUN_MACARON_SCRIPT analyze -pe $EXPECTATION_DIR -rp https://github.com/urllib3/ python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail +echo -e "\n----------------------------------------------------------------------------------" +echo "Test verifying CUE provenance expectation for ossf/scorecard" +echo -e "----------------------------------------------------------------------------------\n" +JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/scorecard/scorecard.json +JSON_RESULT=$WORKSPACE/output/reports/github/ossf/scorecard/scorecard.json +DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/scorecard.ini +EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue +$RUN_MACARON_SCRIPT -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -purl pkg:github/ossf/scorecard@v4.13.1 --skip-deps || log_fail + +python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail + echo -e "\n----------------------------------------------------------------------------------" echo "slsa-framework/slsa-verifier: Analyzing the repo path when automatic dependency resolution is skipped" echo "and CUE file is provided as expectation." 
@@ -131,20 +142,20 @@ echo -e "----------------------------------------------------------------------- JSON_EXPECTED=$WORKSPACE/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json JSON_RESULT=$WORKSPACE/output/reports/github.com/slsa-framework/slsa-verifier/slsa-verifier.json EXPECTATION_FILE=$WORKSPACE/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/slsa_verifier_PASS.cue -$RUN_MACARON_SCRIPT analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail +DEFAULTS_FILE=$WORKSPACE/tests/e2e/defaults/slsa_verifier.ini +$RUN_MACARON_SCRIPT -dp $DEFAULTS_FILE analyze -pe $EXPECTATION_FILE -rp https://github.com/slsa-framework/slsa-verifier -b main -d fc50b662fcfeeeb0e97243554b47d9b20b14efac --skip-deps || log_fail python $COMPARE_JSON_OUT $JSON_RESULT $JSON_EXPECTED || log_fail echo -e "\n----------------------------------------------------------------------------------" -echo "Run policy CLI with slsa-verifier results." +echo "Run policy CLI with scorecard results." echo -e "----------------------------------------------------------------------------------\n" -POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/valid/slsa-verifier.dl +POLICY_FILE=$WORKSPACE/tests/policy_engine/resources/policies/scorecard/scorecard.dl POLICY_RESULT=$WORKSPACE/output/policy_report.json -POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/policy_report.json +POLICY_EXPECTED=$WORKSPACE/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json VSA_RESULT=$WORKSPACE/output/vsa.intoto.jsonl -VSA_PAYLOAD_EXPECTED=$WORKSPACE/tests/vsa/integration/github_slsa-framework_slsa-verifier/vsa_payload.json +VSA_PAYLOAD_EXPECTED=$WORKSPACE/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json -# Run policy engine on the database and compare results. 
$RUN_MACARON_SCRIPT verify-policy -f $POLICY_FILE -d "$WORKSPACE/output/macaron.db" || log_fail python $COMPARE_POLICIES $POLICY_RESULT $POLICY_EXPECTED || log_fail python "$COMPARE_VSA" "$VSA_RESULT" "$VSA_PAYLOAD_EXPECTED" || log_fail diff --git a/src/macaron/config/defaults.ini b/src/macaron/config/defaults.ini index 967917746..fe4807bdc 100644 --- a/src/macaron/config/defaults.ini +++ b/src/macaron/config/defaults.ini @@ -475,3 +475,39 @@ hostname = registry.npmjs.org # The attestation REST API. attestation_endpoint = -/npm/v1/attestations request_timeout = 20 + +# Configuration options for selecting the checks to run. +# Both the exclude and include are defined as list of strings: +# - The exclude list is used to specify the checks that will not run. +# - The include list is used to specify the checks that should run. The checks that are not specified by "include" will be excluded. +# The final list of checks to run will always be "include" minus "exclude". +# Each element of a list is either the full ID of a check (e.g mcn_build_as_code_1) or a glob pattern +# (https://docs.python.org/3/library/fnmatch.html) to match multiple check IDs (e.g "mcn_*" will match all default +# Macaron checks). +# Examples +# 1. Exclude 1 check: +# ``` +# [analysis.checks] +# exclude = mcn_build_as_code_1 +# include = * +# ``` +# 2. Exclude multiple checks: +# ``` +# [analysis.checks] +# exclude = +# mcn_build_as_code_1 +# mcn_provenance_level_three_1 +# include = * +# ``` +# 3. Exclude multiple checks that start with `mcn_provenance`: +# ``` +# [analysis.checks] +# exclude = +# mcn_provenance* +# include = * +# ``` +[analysis.checks] +# By default, we don't exclude any checks. +exclude = +# By default, we run all checks available. +include = * diff --git a/src/macaron/errors.py b/src/macaron/errors.py index 7847c1b38..5e892e1a6 100644 --- a/src/macaron/errors.py +++ b/src/macaron/errors.py 
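Review bot: The new comment block in defaults.ini says the final list is always "include" minus "exclude", which leaves out the transitive behaviour documented in `Registry.get_final_checks`. There, including a check also includes all of its parents, and excluding a check also excludes all of its children. Going by the check tree in the expected scorecard report, excluding `mcn_provenance_available_1` would also drop the provenance checks beneath it, and this file does not say so. Suggest adding `# Including a check also includes all of its transitive parents; excluding a check also excludes all of its transitive children.` before the examples. It is also worth stating that a configuration which leaves no checks to run makes `prepare` return False, so the analysis does not start.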
@@ -1,4 +1,4 @@ -# Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2023 - 2024, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. """This module contains error classes for Macaron.""" @@ -54,3 +54,7 @@ class DuplicateError(MacaronError): class InvalidHTTPResponseError(MacaronError): """Happens when the HTTP response is invalid or unexpected.""" + + +class CheckRegistryError(MacaronError): + """The Check Registry Error class.""" diff --git a/src/macaron/output_reporter/results.py b/src/macaron/output_reporter/results.py index b6c99e8e6..5bf8c8806 100644 --- a/src/macaron/output_reporter/results.py +++ b/src/macaron/output_reporter/results.py @@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. """This module contains classes that represent the result of the Macaron analysis.""" @@ -142,6 +142,8 @@ def get_dict(self) -> dict: "metadata": { "timestamps": datetime.now().isoformat(sep=" ", timespec="seconds"), "has_passing_check": has_passing_check, + "run_checks": registry.checks_to_run, + "check_tree": registry.check_tree, }, "target": self.context.get_dict() if self.context else {}, "dependencies": self.get_dep_summary(), diff --git a/src/macaron/output_reporter/templates/base_template.html b/src/macaron/output_reporter/templates/base_template.html index b5bf05221..0d15b35a9 100644 --- a/src/macaron/output_reporter/templates/base_template.html +++ b/src/macaron/output_reporter/templates/base_template.html @@ -286,6 +286,13 @@ .active { display: block; } + + .check-tree-node::before { + content: "\2514"; + color: black; + display: inline-block; + margin-right: 6px; + } 
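Review bot: The docstring `"""The Check Registry Error class."""` on `CheckRegistryError` restates the class name and does not say when the error is raised, unlike its neighbour `InvalidHTTPResponseError`. Following the wording in the Raises section of `get_final_checks`, `"""Happens when there is an error while obtaining the final checks to run."""` would tell a caller what it is catching.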
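Review bot: `"run_checks": registry.checks_to_run` in `get_dict` emits a list that `get_final_checks` builds with `list(final)` from a set, so its order can differ between runs and reports are not reproducible line for line. The expected scorecard.json added by this commit already shows an arbitrary order. Emitting `"run_checks": sorted(registry.checks_to_run),` keeps reports diffable. Both new values are also the registry's own mutable objects rather than copies, so a consumer that edits the returned dict would change registry state. The rest of `get_dict` and the import of `registry` are outside this hunk.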
@@ -683,6 +690,13 @@ document.getElementById("check_report_content").classList.toggle("hidden"); }); + // Add a listener to toggle the display of run checks. + let run_check_toggler = document.getElementById("run-checks"); + run_check_toggler.addEventListener("click", function() { + this.classList.toggle("toggler-extend"); + document.getElementById("run-checks-tree").classList.toggle("hidden"); + }); + // When loaded, expand all CI services. elements setExpandState(document.querySelectorAll(".tree-view-nested-list > * > .caret"), true); setExpandState(document.querySelectorAll(".tree-view-nested-list > * > * > * > .caret"), true); diff --git a/src/macaron/output_reporter/templates/macaron.html b/src/macaron/output_reporter/templates/macaron.html index 1cb794ca9..d7fec05a5 100644 --- a/src/macaron/output_reporter/templates/macaron.html +++ b/src/macaron/output_reporter/templates/macaron.html @@ -164,6 +164,31 @@ {% endcall %} {% endmacro %} +{# + The `check-tree-node` class will add a small symbol before the check ID + indicating a non-root node. Therefore, we don't apply it for the checks without + parent (i.e the first level checks). +#} +{% macro render_run_checks(check_tree, run_checks) %} + +{% endmacro %} + + {# -------------------------------------------- #} {# @@ -236,6 +261,13 @@
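Review bot: `document.getElementById("run-checks")` returns null when the rendered page has no element with that id, and the unguarded `run_check_toggler.addEventListener(...)` would then throw and stop the script before the `setExpandState` calls below it. Whether every page built on base_template.html renders `run-checks` cannot be seen from this hunk, so a guard is cheap insurance: `if (run_check_toggler) { run_check_toggler.addEventListener("click", ...); }`. The enclosing script block starts and ends outside the hunk.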
Reports for Macaron checks
diff --git a/src/macaron/slsa_analyzer/analyzer.py b/src/macaron/slsa_analyzer/analyzer.py index 9e93b1b70..ca3dc05f4 100644 --- a/src/macaron/slsa_analyzer/analyzer.py +++ b/src/macaron/slsa_analyzer/analyzer.py @@ -32,7 +32,7 @@ # To load all checks into the registry from macaron.slsa_analyzer.checks import * # pylint: disable=wildcard-import,unused-wildcard-import # noqa: F401,F403 -from macaron.slsa_analyzer.checks.check_result import CheckResult, SkippedInfo +from macaron.slsa_analyzer.checks.check_result import CheckResult from macaron.slsa_analyzer.ci_service import CI_SERVICES from macaron.slsa_analyzer.database_store import store_analyze_context_to_db from macaron.slsa_analyzer.git_service import GIT_SERVICES, BaseGitService @@ -72,6 +72,12 @@ def __init__(self, output_path: str, build_log_path: str) -> None: logger.error("Cannot start the analysis. Exiting ...") sys.exit(1) + logger.info( + "The following checks are excluded based on the user configuration: %s", + [check for check in registry.get_all_checks_mapping() if check not in registry.checks_to_run], + ) + logger.info("The following checks will be run: %s", registry.checks_to_run) + self.output_path = output_path # Prepare the directory to store all the build logs in the @@ -874,11 +880,7 @@ def perform_checks(self, analyze_ctx: AnalyzeContext) -> dict[str, CheckResult]: ) ) - # TODO: Get the list of skipped checks from user configuration - skipped_checks: list[SkippedInfo] = [] - - results = registry.scan(analyze_ctx, skipped_checks) - + results = registry.scan(analyze_ctx) return results diff --git a/src/macaron/slsa_analyzer/registry.py b/src/macaron/slsa_analyzer/registry.py index 06e8e7287..e1a3a4391 100644 --- a/src/macaron/slsa_analyzer/registry.py +++ b/src/macaron/slsa_analyzer/registry.py 
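Review bot: The excluded-checks message added to `__init__` is logged at info level and unconditionally, so a run with reduced coverage looks the same in the log as a full run apart from the list contents. Consider building the list once and logging it only when it is non-empty, at a higher level: `if excluded_checks: logger.warning("The following checks are excluded based on the user configuration: %s", excluded_checks)`. The message also attributes every missing check to the user configuration, although `get_final_checks` removes the children of excluded checks transitively. Wording such as "excluded directly or through an excluded parent" would be more accurate.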
@@ -1,19 +1,22 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. """This module contains the Registry class for loading checks.""" import concurrent.futures +import fnmatch import inspect import logging import queue import re import sys +from collections.abc import Callable, Iterable from copy import deepcopy from graphlib import CycleError, TopologicalSorter -from typing import Any +from typing import Any, TypeVar from macaron.config.defaults import defaults +from macaron.errors import CheckRegistryError from macaron.slsa_analyzer.analyze_context import AnalyzeContext from macaron.slsa_analyzer.checks.base_check import BaseCheck from macaron.slsa_analyzer.checks.check_result import ( @@ -29,6 +32,10 @@ logger: logging.Logger = logging.getLogger(__name__) +CheckTree = dict[str, "CheckTree"] +T = TypeVar("T") + + class Registry: """This abstract class is used to store checks in Macaron.""" @@ -61,6 +68,11 @@ def __init__(self) -> None: self.runner_num = 1 self.runner_timeout = 5 + self.checks_to_run: list[str] = [] + self.no_parent_checks: list[str] = [] + + self.check_tree: CheckTree = {} + def register(self, check: BaseCheck) -> None: """Register the check. @@ -79,6 +91,7 @@ def register(self, check: BaseCheck) -> None: # checks can still depend on it, and therefore it might have been initialized and added to the mapping # already. So we need to check if it already exists in `_check_relationships_mapping`. if not check.depends_on: + self.no_parent_checks.append(check.check_info.check_id) if check.check_info.check_id not in self._check_relationships_mapping: self._check_relationships_mapping[check.check_info.check_id] = {} else: 
@@ -331,7 +344,151 @@ def _validate_check_relationship(relationship: Any) -> bool: return False - def scan(self, target: AnalyzeContext, skipped_checks: list[SkippedInfo]) -> dict[str, CheckResult]: + def get_parents(self, check_id: str) -> set[str]: + """Return the ids of all direct parent checks. + + Parameters + ---------- + check_id : str + The check id we want to obtain the parents. + + Returns + ------- + set[str] + The set of ids for all parent checks. + """ + check = self._all_checks_mapping.get(check_id) + if not check: + # It won't happen as we have validated the existence of check_id in registry.prepare(). + return set() + + return {relation[0] for relation in check.depends_on} + + def get_children(self, check_id: str) -> set[str]: + """Return the ids of all direct children checks. + + Parameters + ---------- + check_id : str + The check id we want to obtain the children. + + Returns + ------- + set[str] + The set of ids for all children checks. + """ + # If this check is not defined in the check relationships mapping, it means that it + # doesn't have any children, hence the default empty dictionary. + return set(self._check_relationships_mapping.get(check_id, {})) + + @staticmethod + def get_reachable_nodes( + node: T, + get_successors: Callable[[T], Iterable[T]], + ) -> Iterable[T]: + """Return the set that contains `node` and nodes that can be transitively reached from it. + + This method obtains the successors of a node from `get_successors`. This `get_successors` function takes + a node as input and returns a Collection of successors of that node. + + Parameters + ---------- + node : T + The start node to find the transitive successors. + get_successors : Callable[[T], Iterable[T]] + The function to obtain successors of every node. + + Returns + ------- + Iterable[T] + Contains `node` and its transitive successors. 
+ """ + visited = [] + stack = [node] + + while stack: + current_node = stack[-1] + + if current_node not in visited: + visited.append(current_node) + + for successor in get_successors(current_node): + if successor not in visited: + stack.append(successor) + + else: + stack.pop() + + return visited + + def get_final_checks(self, ex_pats: list[str], in_pats: list[str]) -> list[str]: + """Return a set of the check ids to run from the exclude and include glob patterns. + + The exclude and include glob patterns are used to match against the id of registered checks. + + Including a check would effectively include all transitive parents of that check. + Excluding a check would effectively exclude all transitive children of that check. + + The final list of checks to run would be the included checks minus the excluded checks. + + Parameters + ---------- + ex_pats : list[str] + The list of excluded glob patterns. + in_pats : list[str] + The list of included glob patterns. + + Returns + ------- + list[str] + The set of final checks to run + + Raises + ------ + CheckRegistryError + If there is an error while obtaining the final checks to run. 
+ """ + all_checks = self._all_checks_mapping.keys() + + if "*" in in_pats and not ex_pats: + return list(all_checks) + + if "*" in ex_pats: + return [] + + exclude: set[str] = set() + for ex_pat in set(ex_pats): + exclude.update(fnmatch.filter(all_checks, ex_pat)) + + transitive_ex: set[str] = set() + for direct_ex in exclude: + transitive_children = self.get_reachable_nodes( + node=direct_ex, + get_successors=self.get_children, + ) + + transitive_ex.update(transitive_children) + + include: set[str] = set() + for in_pat in set(in_pats): + include.update(fnmatch.filter(all_checks, in_pat)) + + transitive_in: set[str] = set() + for direct_in in include: + transitive_parents = self.get_reachable_nodes( + node=direct_in, + get_successors=self.get_parents, + ) + + transitive_in.update(transitive_parents) + + include.update(transitive_in) + exclude.update(transitive_ex) + + final = include.difference(exclude) + return list(final) + + def scan(self, target: AnalyzeContext) -> dict[str, CheckResult]: """Run all checks on a target repo. Parameters @@ -348,6 +505,7 @@ def scan(self, target: AnalyzeContext, skipped_checks: list[SkippedInfo]) -> dic """ all_checks = self._all_checks_mapping results: dict[str, CheckResult] = {} + skipped_checks: list[SkippedInfo] = [] with concurrent.futures.ThreadPoolExecutor(max_workers=self.runner_num) as executor: # To allow the graph to be traversed again after this run. 
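Review bot: `get_final_checks` documents `CheckRegistryError` under Raises, but nothing in its body raises it, and a pattern that matches no registered check is dropped silently by `fnmatch.filter`. A misspelt entry in `include` therefore quietly removes a check from the run, and a misspelt `exclude` leaves a check enabled, with no diagnostic in either case. Raising the documented error for a pattern without matches would make the configuration fail closed, as sketched below for both loops. Separately, `get_reachable_nodes` keeps `visited` as a list although its docstring speaks of a set, and `return list(final)` follows set order, so `return sorted(final)` would make the result deterministic. The hunk ends inside `scan`, whose body is outside it.

```python
        exclude: set[str] = set()
        for ex_pat in set(ex_pats):
            matched = fnmatch.filter(all_checks, ex_pat)
            if not matched:
                raise CheckRegistryError(f"The exclude pattern '{ex_pat}' does not match any registered check.")
            exclude.update(matched)

        # … unchanged: transitive children of the excluded checks …

        include: set[str] = set()
        for in_pat in set(in_pats):
            matched = fnmatch.filter(all_checks, in_pat)
            if not matched:
                raise CheckRegistryError(f"The include pattern '{in_pat}' does not match any registered check.")
            include.update(matched)

        # … unchanged: transitive parents, then include minus exclude …
```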
@@ -434,7 +592,14 @@ def scan(self, target: AnalyzeContext, skipped_checks: list[SkippedInfo]) -> dic return results next_check: BaseCheck = check_queue.get() - # Look up check results to see if this check should be run + # Don't run excluded checks + if next_check.check_info.check_id not in self.checks_to_run: + logger.debug("Check %s is disabled by user configuration.", next_check.check_info.check_id) + graph.done(next_check.check_info.check_id) + self.runner_queue.put(runner) + continue + + # Look up check results to see if this check should be run based on its parent status skipped_info = self._should_skip_check(next_check, results) if skipped_info: skipped_checks.append(skipped_info) 
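Review bot: The new early-continue branch in `scan` carries only `# Don't run excluded checks`, which does not explain why it still calls `graph.done(...)` and `self.runner_queue.put(runner)`. A comment such as `# Mark the node as done so the sorter can release its successors, and return the runner to the queue before skipping.` would make the bookkeeping clear. `self.checks_to_run` is a list, so the membership test is linear for every scheduled check; a set built once before the loop would avoid that. The loop this branch sits in starts and ends outside the hunk.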
@@ -498,25 +663,42 @@ def prepare(self) -> bool: """ self._init_runners() + # Only support 1 runner at the moment. + if not self.runners or len(self.runners) != 1: + logger.critical("Invalid number of runners.") + return False + + if not self._all_checks_mapping: + logger.error("Cannot run because there is no check registered.") + return False + try: if not self._is_graph_ready: self._graph.prepare() self._is_graph_ready = True - - # Only support 1 runner at the moment. - if not self.runners or len(self.runners) != 1: - logger.critical("Invalid number of runners.") - return False - - if not self._all_checks_mapping: - logger.error("Cannot run because there is no check registered.") - return False - - return True except CycleError as error: logger.error("Found circular dependencies in registered checks: %s", str(error)) return False + ex_pats = defaults.get_list(section="analysis.checks", item="exclude", fallback=[]) + in_pats = defaults.get_list(section="analysis.checks", item="include", fallback=["*"]) + try: + checks_to_run = registry.get_final_checks(ex_pats, in_pats) + except CheckRegistryError as error: + logger.error(error) + return False + + if len(checks_to_run) == 0: + logger.info("There are no checks to run according to the exclude/include configuration.") + return False + self.checks_to_run = checks_to_run + + # Store the check tree as dictionary to be used in the HTML report. + if not self.check_tree: + self.check_tree = self._get_check_tree_as_dict() + + return True + @staticmethod def get_all_checks_mapping() -> dict[str, BaseCheck]: """Return the dictionary that includes all registered checks. 
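Review bot: Inside `prepare`, `registry.get_final_checks(ex_pats, in_pats)` goes through the module-level singleton instead of `self`, so the selection is computed on a different object whenever the method runs on any other `Registry` instance, such as one built in a test. Use `checks_to_run = self.get_final_checks(ex_pats, in_pats)`. The empty-selection branch returns False, which the analyzer appears to treat as fatal, yet it logs at info level. `logger.error("There are no checks to run according to the exclude/include configuration.")` would match the other failure paths in this method.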
@@ -579,5 +761,64 @@ def _should_skip_check(check: BaseCheck, results: dict[str, CheckResult]) -> Ski return None + def _get_check_tree_as_dict(self) -> CheckTree: + """Return a dictionary representation of the check relationships. + + Returns + ------- + CheckTree + A nested dictionary that represent the relationship between + checks. For each mapping (K, V) in the returned dictionary, K is the check id and + V is a dictionary that contains the children of that check. + + Examples + -------- + Given the following checks and their relationships: + + .. code-block:: + + mcn_provenance_available_1 + |-- mcn_provenance_level_three_1 + |-- mcn_provenance_expectation_1 + mcn_version_control_system_1 + |-- mcn_trusted_builder_level_three_1 + + The resulting dictionary will be: + + .. code-block:: + + { + 'mcn_provenance_available_1': { + 'mcn_provenance_level_three_1': { + 'mcn_provenance_expectation_1': {} + } + }, + 'mcn_version_control_system_1': { + 'mcn_trusted_builder_level_three_1': {} + }, + } + """ + + def _traverse( + node: str, + get_successors: Callable[[str], set[str]], + ) -> CheckTree: + """We assume that the data structure we are working with is a tree. + + Therefore, no cycle checking is needed. + """ + result = {} + successors = get_successors(node) + for successor in successors: + result[successor] = _traverse(successor, get_successors) + + return result + + result: CheckTree = {} + for check in self.no_parent_checks: + result[check] = _traverse(check, self.get_children) + + return result + registry = Registry() diff --git a/tests/e2e/defaults/exclude_all_checks.ini b/tests/e2e/defaults/exclude_all_checks.ini new file mode 100644 index 000000000..3404ca526 --- /dev/null +++ b/tests/e2e/defaults/exclude_all_checks.ini 
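Review bot: The inner `_traverse` docstring justifies the missing cycle check by assuming a tree, but the guarantee visible in this commit is that `prepare` calls `self._graph.prepare()` and returns on `CycleError` before `_get_check_tree_as_dict` runs. Stating that in the docstring, e.g. `Cycles are rejected by prepare() before this is called, so the recursion terminates.`, records why the recursion is safe and warns against calling the helper earlier. `get_parents` returns a set, so a check may have several parents and would then appear under each of them. The docstring should say that the structure is a DAG rendered as nested dictionaries rather than a strict tree. `result = {}` in `_traverse` also lacks the `CheckTree` annotation used for the outer `result`.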
@@ -0,0 +1,6 @@ +# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. + +[analysis.checks] +exclude = * +include = * diff --git a/tests/e2e/defaults/scorecard.ini b/tests/e2e/defaults/scorecard.ini new file mode 100644 index 000000000..f39949cc4 --- /dev/null +++ b/tests/e2e/defaults/scorecard.ini @@ -0,0 +1,9 @@ +# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. + +[analysis.checks] +exclude = +include = + mcn_provenance_expectation_1 + mcn_provenance_level_three_1 + mcn_trusted_builder_level_three_1 diff --git a/tests/e2e/defaults/slsa_verifier.ini b/tests/e2e/defaults/slsa_verifier.ini new file mode 100644 index 000000000..884ca6874 --- /dev/null +++ b/tests/e2e/defaults/slsa_verifier.ini @@ -0,0 +1,6 @@ +# Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. + +[analysis.checks] +exclude = mcn_provenance_level_three_1 +include = * diff --git a/tests/e2e/expected_results/scorecard/scorecard.json b/tests/e2e/expected_results/scorecard/scorecard.json new file mode 100644 index 000000000..2c6e86bf4 --- /dev/null +++ b/tests/e2e/expected_results/scorecard/scorecard.json 
@@ -0,0 +1,448 @@ +{ + "metadata": { + "timestamps": "2024-02-16 14:41:29", + "has_passing_check": true, + "run_checks": [ + "mcn_provenance_level_three_1", + "mcn_trusted_builder_level_three_1", + "mcn_version_control_system_1", + "mcn_provenance_expectation_1", + "mcn_provenance_available_1" + ], + "check_tree": { + "mcn_version_control_system_1": { + "mcn_trusted_builder_level_three_1": { + "mcn_build_as_code_1": { + "mcn_infer_artifact_pipeline_1": {}, + "mcn_build_service_1": { + "mcn_build_script_1": {} + } + } + } + }, + "mcn_provenance_available_1": { + "mcn_provenance_level_three_1": {}, + "mcn_provenance_witness_level_one_1": {}, + "mcn_provenance_expectation_1": {} + } + } + }, + "target": { + "info": { + "full_name": "pkg:github/ossf/scorecard@v4.13.1", + "local_cloned_path": "git_repos/github.com/ossf/scorecard", + "remote_path": "https://github.com/ossf/scorecard", + "branch": null, + "commit_hash": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799", + "commit_date": "2023-10-20T14:13:08-07:00" + }, + "provenances": { + "is_inferred": false, + "content": { + "github_actions": [ + { + "_type": "https://in-toto.io/Statement/v0.1", + "predicateType": "https://slsa.dev/provenance/v0.2", + "subject": [ + { + "name": "scorecard_4.13.1_linux_amd64.tar.gz", + "digest": { + "sha256": "53aa07786f2d985d0755ff9caad4e38c0a22596708de0728c5274f84ae48f785" + } + }, + { + "name": "scorecard_4.13.1_darwin_arm64.tar.gz", + "digest": { + "sha256": "59f7599b7602cc0cc9c6ffc335fb4613b28c22801f957805db7213601818d9fc" + } + }, + { + "name": "scorecard_4.13.1_darwin_amd64.tar.gz", + "digest": { + "sha256": "6853fbb5e508f5b763a478cdc30c8b7023b7493dab2c2ec5a7d98be675775472" + } + }, + { + "name": "scorecard_4.13.1_windows_arm64.tar.gz", + "digest": { + "sha256": "8e2f9cb839f3304d8affc0c61e173c4f89ddaa4e85dd9c0b2699877948a15ee7" + } + }, + { + "name": "scorecard_4.13.1_windows_amd64.tar.gz", + "digest": { + "sha256": "b6c231cf4aa7e2e4e65d70f28867a670b8b1e66e946603ae9e197d495eed8922" + } 
+ }, + { + "name": "scorecard_4.13.1_linux_arm64.tar.gz", + "digest": { + "sha256": "d59d75eec0e91abbe65365b866fd0f298ddb9f4bcdda207a7f650720015d0f4f" + } + } + ], + "predicate": { + "builder": { + "id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.9.0" + }, + "buildType": "https://github.com/slsa-framework/slsa-github-generator/generic@v1", + "invocation": { + "configSource": { + "uri": "git+https://github.com/ossf/scorecard@refs/tags/v4.13.1", + "digest": { + "sha1": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" + }, + "entryPoint": ".github/workflows/goreleaser.yaml" + }, + "parameters": {}, + "environment": { + "github_actor": "spencerschrock", + "github_actor_id": "6064089", + "github_base_ref": "", + "github_event_name": "push", + "github_event_payload": { + "after": "b2413fb129deaedd2bafff0948557e79524739a0", + "base_ref": null, + "before": "0000000000000000000000000000000000000000", + "commits": [], + "compare": "https://github.com/ossf/scorecard/compare/v4.13.1", + "created": true, + "deleted": false, + "forced": false, + "head_commit": { + "author": { + "email": "martin@martincostello.com", + "name": "Martin Costello", + "username": "martincostello" + }, + "committer": { + "email": "noreply@github.com", + "name": "GitHub", + "username": "web-flow" + }, + "distinct": true, + "id": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799", + "message": ":bug: SAST detect new GitHub app slug for CodeQL (#3591)\n\n* Fix SAST no longer working for CodeQL\r\n\r\nThe app slug for CodeQL appears to have changed from `github-advanced-security` to `github-code-scanning`, causing the SAST rule to false-negative on commits.\r\n\r\nSigned-off-by: martincostello \r\n\r\n* Fix lint warning\r\n\r\nFix lint warning.\r\n\r\nSigned-off-by: martincostello \r\n\r\n---------\r\n\r\nSigned-off-by: martincostello ", + "timestamp": "2023-10-20T14:13:08-07:00", + "tree_id": "8ad5db71b5707987aa7cf7cc55b2836a3d16a3c0", + "url": 
"https://github.com/ossf/scorecard/commit/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" + }, + "organization": { + "avatar_url": "https://avatars.githubusercontent.com/u/67707773?v=4", + "description": "", + "events_url": "https://api.github.com/orgs/ossf/events", + "hooks_url": "https://api.github.com/orgs/ossf/hooks", + "id": 67707773, + "issues_url": "https://api.github.com/orgs/ossf/issues", + "login": "ossf", + "members_url": "https://api.github.com/orgs/ossf/members{/member}", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY3NzA3Nzcz", + "public_members_url": "https://api.github.com/orgs/ossf/public_members{/member}", + "repos_url": "https://api.github.com/orgs/ossf/repos", + "url": "https://api.github.com/orgs/ossf" + }, + "pusher": { + "email": "sschrock@google.com", + "name": "spencerschrock" + }, + "ref": "refs/tags/v4.13.1", + "repository": { + "allow_forking": true, + "archive_url": "https://api.github.com/repos/ossf/scorecard/{archive_format}{/ref}", + "archived": false, + "assignees_url": "https://api.github.com/repos/ossf/scorecard/assignees{/user}", + "blobs_url": "https://api.github.com/repos/ossf/scorecard/git/blobs{/sha}", + "branches_url": "https://api.github.com/repos/ossf/scorecard/branches{/branch}", + "clone_url": "https://github.com/ossf/scorecard.git", + "collaborators_url": "https://api.github.com/repos/ossf/scorecard/collaborators{/collaborator}", + "comments_url": "https://api.github.com/repos/ossf/scorecard/comments{/number}", + "commits_url": "https://api.github.com/repos/ossf/scorecard/commits{/sha}", + "compare_url": "https://api.github.com/repos/ossf/scorecard/compare/{base}...{head}", + "contents_url": "https://api.github.com/repos/ossf/scorecard/contents/{+path}", + "contributors_url": "https://api.github.com/repos/ossf/scorecard/contributors", + "created_at": 1602254907, + "default_branch": "main", + "deployments_url": "https://api.github.com/repos/ossf/scorecard/deployments", + "description": "OpenSSF Scorecard - Security health metrics for 
Open Source", + "disabled": false, + "downloads_url": "https://api.github.com/repos/ossf/scorecard/downloads", + "events_url": "https://api.github.com/repos/ossf/scorecard/events", + "fork": false, + "forks": 412, + "forks_count": 412, + "forks_url": "https://api.github.com/repos/ossf/scorecard/forks", + "full_name": "ossf/scorecard", + "git_commits_url": "https://api.github.com/repos/ossf/scorecard/git/commits{/sha}", + "git_refs_url": "https://api.github.com/repos/ossf/scorecard/git/refs{/sha}", + "git_tags_url": "https://api.github.com/repos/ossf/scorecard/git/tags{/sha}", + "git_url": "git://github.com/ossf/scorecard.git", + "has_discussions": true, + "has_downloads": true, + "has_issues": true, + "has_pages": false, + "has_projects": true, + "has_wiki": true, + "homepage": "https://securityscorecards.dev", + "hooks_url": "https://api.github.com/repos/ossf/scorecard/hooks", + "html_url": "https://github.com/ossf/scorecard", + "id": 302670797, + "is_template": false, + "issue_comment_url": "https://api.github.com/repos/ossf/scorecard/issues/comments{/number}", + "issue_events_url": "https://api.github.com/repos/ossf/scorecard/issues/events{/number}", + "issues_url": "https://api.github.com/repos/ossf/scorecard/issues{/number}", + "keys_url": "https://api.github.com/repos/ossf/scorecard/keys{/key_id}", + "labels_url": "https://api.github.com/repos/ossf/scorecard/labels{/name}", + "language": "Go", + "languages_url": "https://api.github.com/repos/ossf/scorecard/languages", + "license": { + "key": "apache-2.0", + "name": "Apache License 2.0", + "node_id": "MDc6TGljZW5zZTI=", + "spdx_id": "Apache-2.0", + "url": "https://api.github.com/licenses/apache-2.0" + }, + "master_branch": "main", + "merges_url": "https://api.github.com/repos/ossf/scorecard/merges", + "milestones_url": "https://api.github.com/repos/ossf/scorecard/milestones{/number}", + "mirror_url": null, + "name": "scorecard", + "node_id": "MDEwOlJlcG9zaXRvcnkzMDI2NzA3OTc=", + "notifications_url": 
"https://api.github.com/repos/ossf/scorecard/notifications{?since,all,participating}", + "open_issues": 373, + "open_issues_count": 373, + "organization": "ossf", + "owner": { + "avatar_url": "https://avatars.githubusercontent.com/u/67707773?v=4", + "email": null, + "events_url": "https://api.github.com/users/ossf/events{/privacy}", + "followers_url": "https://api.github.com/users/ossf/followers", + "following_url": "https://api.github.com/users/ossf/following{/other_user}", + "gists_url": "https://api.github.com/users/ossf/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/ossf", + "id": 67707773, + "login": "ossf", + "name": "ossf", + "node_id": "MDEyOk9yZ2FuaXphdGlvbjY3NzA3Nzcz", + "organizations_url": "https://api.github.com/users/ossf/orgs", + "received_events_url": "https://api.github.com/users/ossf/received_events", + "repos_url": "https://api.github.com/users/ossf/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/ossf/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/ossf/subscriptions", + "type": "Organization", + "url": "https://api.github.com/users/ossf" + }, + "private": false, + "pulls_url": "https://api.github.com/repos/ossf/scorecard/pulls{/number}", + "pushed_at": 1697837700, + "releases_url": "https://api.github.com/repos/ossf/scorecard/releases{/id}", + "size": 151342, + "ssh_url": "git@github.com:ossf/scorecard.git", + "stargazers": 3743, + "stargazers_count": 3743, + "stargazers_url": "https://api.github.com/repos/ossf/scorecard/stargazers", + "statuses_url": "https://api.github.com/repos/ossf/scorecard/statuses/{sha}", + "subscribers_url": "https://api.github.com/repos/ossf/scorecard/subscribers", + "subscription_url": "https://api.github.com/repos/ossf/scorecard/subscription", + "svn_url": "https://github.com/ossf/scorecard", + "tags_url": "https://api.github.com/repos/ossf/scorecard/tags", + "teams_url": "https://api.github.com/repos/ossf/scorecard/teams", + 
"topics": [ + "openssf-scorecard", + "scorecard" + ], + "trees_url": "https://api.github.com/repos/ossf/scorecard/git/trees{/sha}", + "updated_at": "2023-10-20T08:57:02Z", + "url": "https://github.com/ossf/scorecard", + "visibility": "public", + "watchers": 3743, + "watchers_count": 3743, + "web_commit_signoff_required": true + }, + "sender": { + "avatar_url": "https://avatars.githubusercontent.com/u/6064089?v=4", + "events_url": "https://api.github.com/users/spencerschrock/events{/privacy}", + "followers_url": "https://api.github.com/users/spencerschrock/followers", + "following_url": "https://api.github.com/users/spencerschrock/following{/other_user}", + "gists_url": "https://api.github.com/users/spencerschrock/gists{/gist_id}", + "gravatar_id": "", + "html_url": "https://github.com/spencerschrock", + "id": 6064089, + "login": "spencerschrock", + "node_id": "MDQ6VXNlcjYwNjQwODk=", + "organizations_url": "https://api.github.com/users/spencerschrock/orgs", + "received_events_url": "https://api.github.com/users/spencerschrock/received_events", + "repos_url": "https://api.github.com/users/spencerschrock/repos", + "site_admin": false, + "starred_url": "https://api.github.com/users/spencerschrock/starred{/owner}{/repo}", + "subscriptions_url": "https://api.github.com/users/spencerschrock/subscriptions", + "type": "User", + "url": "https://api.github.com/users/spencerschrock" + } + }, + "github_head_ref": "", + "github_ref": "refs/tags/v4.13.1", + "github_ref_type": "tag", + "github_repository_id": "302670797", + "github_repository_owner": "ossf", + "github_repository_owner_id": "67707773", + "github_run_attempt": "1", + "github_run_id": "6592927372", + "github_run_number": "50", + "github_sha1": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" + } + }, + "metadata": { + "buildInvocationID": "6592927372-1", + "completeness": { + "parameters": true, + "environment": false, + "materials": false + }, + "reproducible": false + }, + "materials": [ + { + "uri": 
"git+https://github.com/ossf/scorecard@refs/tags/v4.13.1", + "digest": { + "sha1": "49c0eed3a423f00c872b5c3c9f1bbca9e8aae799" + } + } + ] + } + } + ] + } + }, + "checks": { + "summary": { + "DISABLED": 0, + "FAILED": 0, + "PASSED": 5, + "SKIPPED": 0, + "UNKNOWN": 0 + }, + "results": [ + { + "check_id": "mcn_provenance_available_1", + "check_description": "Check whether the target has intoto provenance.", + "slsa_requirements": [ + "Provenance - Available - SLSA Level 1", + "Provenance content - Identifies build instructions - SLSA Level 1", + "Provenance content - Identifies artifacts - SLSA Level 1", + "Provenance content - Identifies builder - SLSA Level 1" + ], + "justification": [ + "Found provenance in release assets:", + "https://api.github.com/repos/ossf/scorecard/releases/assets/131611370" + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_provenance_expectation_1", + "check_description": "Check whether the SLSA provenance for the produced artifact conforms to the expected value.", + "slsa_requirements": [ + "Provenance conforms with expectations - SLSA Level 3" + ], + "justification": [ + "Successfully verified the expectation against provenance." 
+ ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_provenance_level_three_1", + "check_description": "Check whether the target has SLSA provenance level 3.", + "slsa_requirements": [ + "Provenance - Non falsifiable - SLSA Level 3", + "Provenance content - Includes all build parameters - SLSA Level 3", + "Provenance content - Identifies entry point - SLSA Level 3", + "Provenance content - Identifies source code - SLSA Level 2" + ], + "justification": [ + "Successfully verified level 3: ", + "verify passed : scorecard_4.13.1_linux_amd64.tar.gz,verify passed : scorecard_4.13.1_darwin_arm64.tar.gz,verify passed : scorecard_4.13.1_darwin_amd64.tar.gz,verify passed : scorecard_4.13.1_windows_arm64.tar.gz,verify passed : scorecard_4.13.1_windows_amd64.tar.gz,verify passed : scorecard_4.13.1_linux_arm64.tar.gz" + ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_trusted_builder_level_three_1", + "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", + "slsa_requirements": [ + "Hermetic - SLSA Level 4", + "Isolated - SLSA Level 3", + "Parameterless - SLSA Level 4", + "Ephemeral environment - SLSA Level 3" + ], + "justification": [ + { + "Found trusted builder GitHub Actions: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.9.0 triggered by": "https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/.github/workflows/slsa-goreleaser.yml" + }, + "However, could not find a passing workflow run." 
+ ], + "result_type": "PASSED" + }, + { + "check_id": "mcn_version_control_system_1", + "check_description": "Check whether the target repo uses a version control system.", + "slsa_requirements": [ + "Version controlled - SLSA Level 2" + ], + "justification": [ + { + "This is a Git repository": "https://github.com/ossf/scorecard" + } + ], + "result_type": "PASSED" + } + ] + } + }, + "dependencies": { + "analyzed_deps": 0, + "unique_dep_repos": 0, + "checks_summary": [ + { + "check_id": "mcn_version_control_system_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_witness_level_one_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_build_as_code_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_infer_artifact_pipeline_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_trusted_builder_level_three_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_level_three_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_build_script_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_expectation_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_provenance_available_1", + "num_deps_pass": 0 + }, + { + "check_id": "mcn_build_service_1", + "num_deps_pass": 0 + } + ], + "dep_status": [] + } +} diff --git a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json index d32078220..e52de1893 100644 --- a/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json +++ b/tests/e2e/expected_results/slsa-verifier/slsa-verifier_cue_PASS.json 
@@ -1,6 +1,35 @@ { "metadata": { - "timestamps": "2023-09-12 17:36:00" + "timestamps": "2024-02-16 16:19:18", + "has_passing_check": true, + "run_checks": [ + "mcn_trusted_builder_level_three_1", + "mcn_provenance_expectation_1", + "mcn_provenance_witness_level_one_1", + "mcn_version_control_system_1", + "mcn_build_script_1", + "mcn_build_as_code_1", + "mcn_build_service_1", + "mcn_infer_artifact_pipeline_1", + "mcn_provenance_available_1" + ], + "check_tree": { + "mcn_version_control_system_1": { + "mcn_trusted_builder_level_three_1": { + "mcn_build_as_code_1": { + "mcn_infer_artifact_pipeline_1": {}, + "mcn_build_service_1": { + "mcn_build_script_1": {} + } + } + } + }, + "mcn_provenance_available_1": { + "mcn_provenance_expectation_1": {}, + "mcn_provenance_witness_level_one_1": {}, + "mcn_provenance_level_three_1": {} + } + } }, "target": { "info": { @@ -22,7 +51,7 @@ { "name": "slsa-verifier-darwin-amd64", "digest": { - "sha256": "9e67318937b936014b6127affc14bc45f1fb10d9899b0105877778e8179b3029" + "sha256": "69fa1ea5bb734e765aae1fa855f50e823c2b90b019994610960b7eb3c83feeb3" } } ], @@ -33,9 +62,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "entryPoint": ".github/workflows/release.yml" }, 
@@ -47,11 +76,11 @@ "github_base_ref": "", "github_event_name": "push", "github_event_payload": { - "after": "73d1bcba982de0f644baec83df839399d13f472e", + "after": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "base_ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0", + "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1", "created": true, "deleted": false, "forced": false, @@ -67,11 +96,11 @@ "username": "web-flow" }, "distinct": true, - "id": "73d1bcba982de0f644baec83df839399d13f472e", - "message": "fix: release failure (#697)\n\nSigned-off-by: laurentsimon ", - "timestamp": "2023-08-24T15:58:45-07:00", - "tree_id": "d2cb05a78e786bae14eb5882770089b68068c12e", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/73d1bcba982de0f644baec83df839399d13f472e" + "id": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", + "message": "docs: update release doc and rm binary (#716)\n\nSigned-off-by: laurentsimon ", + "timestamp": "2023-10-16T13:44:13-07:00", + "tree_id": "b70b194feb7247be9885bfff95f9640c84d0b8f5", + "url": "https://github.com/slsa-framework/slsa-verifier/commit/7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "organization": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", @@ -91,7 +120,7 @@ "email": "64505099+laurentsimon@users.noreply.github.com", "name": "laurentsimon" }, - "ref": "refs/tags/v2.4.0", + "ref": "refs/tags/v2.4.1", "repository": { "allow_forking": true, "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", 
@@ -107,6 +136,7 @@ "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", "created_at": 1648242107, + "custom_properties": {}, "default_branch": "main", "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", "description": "Verify provenance from SLSA compliant builders", @@ -114,8 +144,8 @@ "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", "fork": false, - "forks": 34, - "forks_count": 34, + "forks": 35, + "forks_count": 35, "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", "full_name": "slsa-framework/slsa-verifier", "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", @@ -154,8 +184,8 @@ "name": "slsa-verifier", "node_id": "R_kgDOHEMl0g", "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 119, - "open_issues_count": 119, + "open_issues": 123, + "open_issues_count": 123, "organization": "slsa-framework", "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -181,12 +211,12 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1692982103, + "pushed_at": 1699396985, "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 89668, + "size": 88467, "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 132, - "stargazers_count": 132, + "stargazers": 170, + "stargazers_count": 170, "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", @@ -196,11 +226,11 @@ "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", "topics": [], "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-08-22T02:50:28Z", + "updated_at": "2023-10-17T17:58:10Z", "url": "https://github.com/slsa-framework/slsa-verifier", "visibility": "public", - "watchers": 132, - "watchers_count": 132, + "watchers": 170, + "watchers_count": 170, "web_commit_signoff_required": true }, "sender": { @@ -225,15 +255,15 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v2.4.0", + "github_ref": "refs/tags/v2.4.1", "github_ref_type": "tag", "github_repository_id": "474162642", "github_repository_owner": "slsa-framework", "github_repository_owner_id": "80431187", "github_run_attempt": "1", - "github_run_id": "5978382772", - "github_run_number": "434", - "github_sha1": "73d1bcba982de0f644baec83df839399d13f472e", + "github_run_id": "6791195934", + "github_run_number": "511", + "github_sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "os": "ubuntu22" } }, 
@@ -242,7 +272,7 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "mod", "vendor" ], @@ -251,12 +281,12 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "build", "-mod=vendor", "-trimpath", "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.0", + "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.1", "-o", "slsa-verifier-darwin-amd64" ], @@ -271,7 +301,7 @@ "version": 1 }, "metadata": { - "buildInvocationID": "5978382772-1", + "buildInvocationID": "6791195934-1", "completeness": { "parameters": true, "environment": false, @@ -281,13 +311,13 @@ }, "materials": [ { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" } }, { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230821.1.0" + "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20231030.2.0" } ] } @@ -299,7 +329,7 @@ { "name": "slsa-verifier-darwin-arm64", "digest": { - "sha256": "b55009be65f8f6dae4399522e4ab5685a5cfe0b72dca3134f12ba144b8860607" + "sha256": "ce1de214cb5ae24dfafce18640a0e7c4d2fbbd014bf4b2944a0c1b7b3cfa803a" } } ], 
@@ -310,9 +340,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "entryPoint": ".github/workflows/release.yml" }, @@ -324,11 +354,11 @@ "github_base_ref": "", "github_event_name": "push", "github_event_payload": { - "after": "73d1bcba982de0f644baec83df839399d13f472e", + "after": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "base_ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0", + "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1", "created": true, "deleted": false, "forced": false, @@ -344,11 +374,11 @@ "username": "web-flow" }, "distinct": true, - "id": "73d1bcba982de0f644baec83df839399d13f472e", - "message": "fix: release failure (#697)\n\nSigned-off-by: laurentsimon ", - "timestamp": "2023-08-24T15:58:45-07:00", - "tree_id": "d2cb05a78e786bae14eb5882770089b68068c12e", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/73d1bcba982de0f644baec83df839399d13f472e" + "id": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", + "message": "docs: update release doc and rm binary (#716)\n\nSigned-off-by: laurentsimon ", + "timestamp": "2023-10-16T13:44:13-07:00", + "tree_id": "b70b194feb7247be9885bfff95f9640c84d0b8f5", + "url": "https://github.com/slsa-framework/slsa-verifier/commit/7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "organization": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -368,7 +398,7 @@ "email": "64505099+laurentsimon@users.noreply.github.com", "name": "laurentsimon" }, - "ref": "refs/tags/v2.4.0", + "ref": "refs/tags/v2.4.1", "repository": { "allow_forking": true, "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", @@ -384,6 +414,7 @@ "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", "created_at": 1648242107, + "custom_properties": {}, "default_branch": "main", "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", "description": "Verify provenance from SLSA compliant builders", @@ -391,8 +422,8 @@ "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", "fork": false, - "forks": 34, - "forks_count": 34, + "forks": 35, + "forks_count": 35, "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", "full_name": "slsa-framework/slsa-verifier", "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", @@ -431,8 +462,8 @@ "name": "slsa-verifier", "node_id": "R_kgDOHEMl0g", "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 119, - "open_issues_count": 119, + "open_issues": 123, + "open_issues_count": 123, "organization": "slsa-framework", "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -458,12 +489,12 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1692982103, + "pushed_at": 1699396985, "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 89668, + "size": 88467, "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 132, - "stargazers_count": 132, + "stargazers": 170, + "stargazers_count": 170, "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", @@ -473,11 +504,11 @@ "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", "topics": [], "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-08-22T02:50:28Z", + "updated_at": "2023-10-17T17:58:10Z", "url": "https://github.com/slsa-framework/slsa-verifier", "visibility": "public", - "watchers": 132, - "watchers_count": 132, + "watchers": 170, + "watchers_count": 170, "web_commit_signoff_required": true }, "sender": { @@ -502,15 +533,15 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v2.4.0", + "github_ref": "refs/tags/v2.4.1", "github_ref_type": "tag", "github_repository_id": "474162642", "github_repository_owner": "slsa-framework", "github_repository_owner_id": "80431187", "github_run_attempt": "1", - "github_run_id": "5978382772", - "github_run_number": "434", - "github_sha1": "73d1bcba982de0f644baec83df839399d13f472e", + "github_run_id": "6791195934", + "github_run_number": "511", + "github_sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "os": "ubuntu22" } }, 
@@ -519,7 +550,7 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "mod", "vendor" ], @@ -528,27 +559,27 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "build", "-mod=vendor", "-trimpath", "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.0", + "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.1", "-o", "slsa-verifier-darwin-arm64" ], "env": [ "GOOS=darwin", "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" + "CGO_ENABLED=0", + "GO111MODULE=on" ] } ], "version": 1 }, "metadata": { - "buildInvocationID": "5978382772-1", + "buildInvocationID": "6791195934-1", "completeness": { "parameters": true, "environment": false, @@ -558,13 +589,13 @@ }, "materials": [ { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" } }, { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230821.1.0" + "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20231030.2.0" } ] } @@ -576,7 +607,7 @@ { "name": "slsa-verifier-linux-amd64", "digest": { - "sha256": "9883e4c7fd0fead95815de1533db62d1ae19daf9d333b359e192fc65ffb401b2" + "sha256": "e81900c9f11a44276e1552afb7c1f6ea7b13ad9c6efdb920d97f23a76659e25f" } } ], 
@@ -587,9 +618,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "entryPoint": ".github/workflows/release.yml" }, @@ -601,11 +632,11 @@ "github_base_ref": "", "github_event_name": "push", "github_event_payload": { - "after": "73d1bcba982de0f644baec83df839399d13f472e", + "after": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "base_ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0", + "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1", "created": true, "deleted": false, "forced": false, @@ -621,11 +652,11 @@ "username": "web-flow" }, "distinct": true, - "id": "73d1bcba982de0f644baec83df839399d13f472e", - "message": "fix: release failure (#697)\n\nSigned-off-by: laurentsimon ", - "timestamp": "2023-08-24T15:58:45-07:00", - "tree_id": "d2cb05a78e786bae14eb5882770089b68068c12e", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/73d1bcba982de0f644baec83df839399d13f472e" + "id": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", + "message": "docs: update release doc and rm binary (#716)\n\nSigned-off-by: laurentsimon ", + "timestamp": "2023-10-16T13:44:13-07:00", + "tree_id": "b70b194feb7247be9885bfff95f9640c84d0b8f5", + "url": "https://github.com/slsa-framework/slsa-verifier/commit/7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "organization": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -645,7 +676,7 @@ "email": "64505099+laurentsimon@users.noreply.github.com", "name": "laurentsimon" }, - "ref": "refs/tags/v2.4.0", + "ref": "refs/tags/v2.4.1", "repository": { "allow_forking": true, "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", @@ -661,6 +692,7 @@ "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", "created_at": 1648242107, + "custom_properties": {}, "default_branch": "main", "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", "description": "Verify provenance from SLSA compliant builders", @@ -668,8 +700,8 @@ "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", "fork": false, - "forks": 34, - "forks_count": 34, + "forks": 35, + "forks_count": 35, "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", "full_name": "slsa-framework/slsa-verifier", "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", @@ -708,8 +740,8 @@ "name": "slsa-verifier", "node_id": "R_kgDOHEMl0g", "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 119, - "open_issues_count": 119, + "open_issues": 123, + "open_issues_count": 123, "organization": "slsa-framework", "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -735,12 +767,12 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1692982103, + "pushed_at": 1699396985, "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 89668, + "size": 88467, "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 132, - "stargazers_count": 132, + "stargazers": 170, + "stargazers_count": 170, "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", @@ -750,11 +782,11 @@ "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", "topics": [], "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-08-22T02:50:28Z", + "updated_at": "2023-10-17T17:58:10Z", "url": "https://github.com/slsa-framework/slsa-verifier", "visibility": "public", - "watchers": 132, - "watchers_count": 132, + "watchers": 170, + "watchers_count": 170, "web_commit_signoff_required": true }, "sender": { @@ -779,15 +811,15 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v2.4.0", + "github_ref": "refs/tags/v2.4.1", "github_ref_type": "tag", "github_repository_id": "474162642", "github_repository_owner": "slsa-framework", "github_repository_owner_id": "80431187", "github_run_attempt": "1", - "github_run_id": "5978382772", - "github_run_number": "434", - "github_sha1": "73d1bcba982de0f644baec83df839399d13f472e", + "github_run_id": "6791195934", + "github_run_number": "511", + "github_sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "os": "ubuntu22" } }, 
@@ -796,7 +828,7 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "mod", "vendor" ], @@ -805,12 +837,12 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "build", "-mod=vendor", "-trimpath", "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.0", + "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.1", "-o", "slsa-verifier-linux-amd64" ], @@ -825,7 +857,7 @@ "version": 1 }, "metadata": { - "buildInvocationID": "5978382772-1", + "buildInvocationID": "6791195934-1", "completeness": { "parameters": true, "environment": false, @@ -835,13 +867,13 @@ }, "materials": [ { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" } }, { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230821.1.0" + "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20231030.2.0" } ] } @@ -853,7 +885,7 @@ { "name": "slsa-verifier-linux-arm64", "digest": { - "sha256": "bb025462acd9e93da32694e3ed82bfa57cb487a28c989a083caf2a3569d3cfbe" + "sha256": "8b9bcc51576a8f962a0f91f50bed8ca769563ef568a2e9997ca4cd59dc2e341a" } } ], 
@@ -864,9 +896,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "entryPoint": ".github/workflows/release.yml" }, @@ -878,11 +910,11 @@ "github_base_ref": "", "github_event_name": "push", "github_event_payload": { - "after": "73d1bcba982de0f644baec83df839399d13f472e", + "after": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "base_ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0", + "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1", "created": true, "deleted": false, "forced": false, @@ -898,11 +930,11 @@ "username": "web-flow" }, "distinct": true, - "id": "73d1bcba982de0f644baec83df839399d13f472e", - "message": "fix: release failure (#697)\n\nSigned-off-by: laurentsimon ", - "timestamp": "2023-08-24T15:58:45-07:00", - "tree_id": "d2cb05a78e786bae14eb5882770089b68068c12e", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/73d1bcba982de0f644baec83df839399d13f472e" + "id": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", + "message": "docs: update release doc and rm binary (#716)\n\nSigned-off-by: laurentsimon ", + "timestamp": "2023-10-16T13:44:13-07:00", + "tree_id": "b70b194feb7247be9885bfff95f9640c84d0b8f5", + "url": "https://github.com/slsa-framework/slsa-verifier/commit/7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "organization": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -922,7 +954,7 @@ "email": "64505099+laurentsimon@users.noreply.github.com", "name": "laurentsimon" }, - "ref": "refs/tags/v2.4.0", + "ref": "refs/tags/v2.4.1", "repository": { "allow_forking": true, "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", @@ -938,6 +970,7 @@ "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", "created_at": 1648242107, + "custom_properties": {}, "default_branch": "main", "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", "description": "Verify provenance from SLSA compliant builders", @@ -945,8 +978,8 @@ "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", "fork": false, - "forks": 34, - "forks_count": 34, + "forks": 35, + "forks_count": 35, "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", "full_name": "slsa-framework/slsa-verifier", "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", @@ -985,8 +1018,8 @@ "name": "slsa-verifier", "node_id": "R_kgDOHEMl0g", "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 119, - "open_issues_count": 119, + "open_issues": 123, + "open_issues_count": 123, "organization": "slsa-framework", "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -1012,12 +1045,12 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1692982103, + "pushed_at": 1699396985, "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 89668, + "size": 88467, "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 132, - "stargazers_count": 132, + "stargazers": 170, + "stargazers_count": 170, "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", @@ -1027,11 +1060,11 @@ "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", "topics": [], "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-08-22T02:50:28Z", + "updated_at": "2023-10-17T17:58:10Z", "url": "https://github.com/slsa-framework/slsa-verifier", "visibility": "public", - "watchers": 132, - "watchers_count": 132, + "watchers": 170, + "watchers_count": 170, "web_commit_signoff_required": true }, "sender": { @@ -1056,15 +1089,15 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v2.4.0", + "github_ref": "refs/tags/v2.4.1", "github_ref_type": "tag", "github_repository_id": "474162642", "github_repository_owner": "slsa-framework", "github_repository_owner_id": "80431187", "github_run_attempt": "1", - "github_run_id": "5978382772", - "github_run_number": "434", - "github_sha1": "73d1bcba982de0f644baec83df839399d13f472e", + "github_run_id": "6791195934", + "github_run_number": "511", + "github_sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "os": "ubuntu22" } }, 
@@ -1073,7 +1106,7 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "mod", "vendor" ], @@ -1082,12 +1115,12 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "build", "-mod=vendor", "-trimpath", "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.0", + "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.1", "-o", "slsa-verifier-linux-arm64" ], @@ -1102,7 +1135,7 @@ "version": 1 }, "metadata": { - "buildInvocationID": "5978382772-1", + "buildInvocationID": "6791195934-1", "completeness": { "parameters": true, "environment": false, @@ -1112,13 +1145,13 @@ }, "materials": [ { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" } }, { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230821.1.0" + "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20231030.2.0" } ] } @@ -1130,7 +1163,7 @@ { "name": "slsa-verifier-windows-amd64.exe", "digest": { - "sha256": "a8ea35a4abf450f3828d42cf0b9be3628692508184bec8610a472a7bf4afc843" + "sha256": "cda4a71f6e6fbfb32aa5b461b650d807503ad509145dc0df9b68adb9e23e674f" } } ], 
@@ -1141,9 +1174,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "entryPoint": ".github/workflows/release.yml" }, @@ -1155,11 +1188,11 @@ "github_base_ref": "", "github_event_name": "push", "github_event_payload": { - "after": "73d1bcba982de0f644baec83df839399d13f472e", + "after": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "base_ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0", + "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1", "created": true, "deleted": false, "forced": false, @@ -1175,11 +1208,11 @@ "username": "web-flow" }, "distinct": true, - "id": "73d1bcba982de0f644baec83df839399d13f472e", - "message": "fix: release failure (#697)\n\nSigned-off-by: laurentsimon ", - "timestamp": "2023-08-24T15:58:45-07:00", - "tree_id": "d2cb05a78e786bae14eb5882770089b68068c12e", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/73d1bcba982de0f644baec83df839399d13f472e" + "id": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", + "message": "docs: update release doc and rm binary (#716)\n\nSigned-off-by: laurentsimon ", + "timestamp": "2023-10-16T13:44:13-07:00", + "tree_id": "b70b194feb7247be9885bfff95f9640c84d0b8f5", + "url": "https://github.com/slsa-framework/slsa-verifier/commit/7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "organization": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -1199,7 +1232,7 @@ "email": "64505099+laurentsimon@users.noreply.github.com", "name": "laurentsimon" }, - "ref": "refs/tags/v2.4.0", + "ref": "refs/tags/v2.4.1", "repository": { "allow_forking": true, "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", @@ -1215,6 +1248,7 @@ "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", "created_at": 1648242107, + "custom_properties": {}, "default_branch": "main", "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", "description": "Verify provenance from SLSA compliant builders", @@ -1222,8 +1256,8 @@ "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", "fork": false, - "forks": 34, - "forks_count": 34, + "forks": 35, + "forks_count": 35, "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", "full_name": "slsa-framework/slsa-verifier", "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", @@ -1262,8 +1296,8 @@ "name": "slsa-verifier", "node_id": "R_kgDOHEMl0g", "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 119, - "open_issues_count": 119, + "open_issues": 123, + "open_issues_count": 123, "organization": "slsa-framework", "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -1289,12 +1323,12 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1692982103, + "pushed_at": 1699396985, "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 89668, + "size": 88467, "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 132, - "stargazers_count": 132, + "stargazers": 170, + "stargazers_count": 170, "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", @@ -1304,11 +1338,11 @@ "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", "topics": [], "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-08-22T02:50:28Z", + "updated_at": "2023-10-17T17:58:10Z", "url": "https://github.com/slsa-framework/slsa-verifier", "visibility": "public", - "watchers": 132, - "watchers_count": 132, + "watchers": 170, + "watchers_count": 170, "web_commit_signoff_required": true }, "sender": { @@ -1333,15 +1367,15 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v2.4.0", + "github_ref": "refs/tags/v2.4.1", "github_ref_type": "tag", "github_repository_id": "474162642", "github_repository_owner": "slsa-framework", "github_repository_owner_id": "80431187", "github_run_attempt": "1", - "github_run_id": "5978382772", - "github_run_number": "434", - "github_sha1": "73d1bcba982de0f644baec83df839399d13f472e", + "github_run_id": "6791195934", + "github_run_number": "511", + "github_sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "os": "ubuntu22" } }, 
@@ -1350,7 +1384,7 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "mod", "vendor" ], @@ -1359,12 +1393,12 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "build", "-mod=vendor", "-trimpath", "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.0", + "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.1", "-o", "slsa-verifier-windows-amd64.exe" ], @@ -1379,7 +1413,7 @@ "version": 1 }, "metadata": { - "buildInvocationID": "5978382772-1", + "buildInvocationID": "6791195934-1", "completeness": { "parameters": true, "environment": false, @@ -1389,13 +1423,13 @@ }, "materials": [ { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" } }, { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230821.1.0" + "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20231030.2.0" } ] } @@ -1407,7 +1441,7 @@ { "name": "slsa-verifier-windows-arm64.exe", "digest": { - "sha256": "b14cd8228fecabe53e3676ec2d94b53d7aee11f6f5a8dabbe07e840143d48e8d" + "sha256": "8f0b03c01271c7228e99f21c89b99c0b02dc0cc7bdce0fe842af1dc7554d644f" } } ], 
@@ -1418,9 +1452,9 @@ "buildType": "https://github.com/slsa-framework/slsa-github-generator/go@v1", "invocation": { "configSource": { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "entryPoint": ".github/workflows/release.yml" }, @@ -1432,11 +1466,11 @@ "github_base_ref": "", "github_event_name": "push", "github_event_payload": { - "after": "73d1bcba982de0f644baec83df839399d13f472e", + "after": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "base_ref": "refs/heads/main", "before": "0000000000000000000000000000000000000000", "commits": [], - "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.0", + "compare": "https://github.com/slsa-framework/slsa-verifier/compare/v2.4.1", "created": true, "deleted": false, "forced": false, @@ -1452,11 +1486,11 @@ "username": "web-flow" }, "distinct": true, - "id": "73d1bcba982de0f644baec83df839399d13f472e", - "message": "fix: release failure (#697)\n\nSigned-off-by: laurentsimon ", - "timestamp": "2023-08-24T15:58:45-07:00", - "tree_id": "d2cb05a78e786bae14eb5882770089b68068c12e", - "url": "https://github.com/slsa-framework/slsa-verifier/commit/73d1bcba982de0f644baec83df839399d13f472e" + "id": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", + "message": "docs: update release doc and rm binary (#716)\n\nSigned-off-by: laurentsimon ", + "timestamp": "2023-10-16T13:44:13-07:00", + "tree_id": "b70b194feb7247be9885bfff95f9640c84d0b8f5", + "url": "https://github.com/slsa-framework/slsa-verifier/commit/7e1e47d7d793930ab0082c15c2b971fdb53a3c95" }, "organization": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -1476,7 +1510,7 @@ "email": "64505099+laurentsimon@users.noreply.github.com", "name": "laurentsimon" }, - "ref": "refs/tags/v2.4.0", + "ref": "refs/tags/v2.4.1", "repository": { "allow_forking": true, "archive_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/{archive_format}{/ref}", @@ -1492,6 +1526,7 @@ "contents_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contents/{+path}", "contributors_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/contributors", "created_at": 1648242107, + "custom_properties": {}, "default_branch": "main", "deployments_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/deployments", "description": "Verify provenance from SLSA compliant builders", @@ -1499,8 +1534,8 @@ "downloads_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/downloads", "events_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/events", "fork": false, - "forks": 34, - "forks_count": 34, + "forks": 35, + "forks_count": 35, "forks_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/forks", "full_name": "slsa-framework/slsa-verifier", "git_commits_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/commits{/sha}", @@ -1539,8 +1574,8 @@ "name": "slsa-verifier", "node_id": "R_kgDOHEMl0g", "notifications_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/notifications{?since,all,participating}", - "open_issues": 119, - "open_issues_count": 119, + "open_issues": 123, + "open_issues_count": 123, "organization": "slsa-framework", "owner": { "avatar_url": "https://avatars.githubusercontent.com/u/80431187?v=4", 
@@ -1566,12 +1601,12 @@ }, "private": false, "pulls_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/pulls{/number}", - "pushed_at": 1692982103, + "pushed_at": 1699396985, "releases_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/releases{/id}", - "size": 89668, + "size": 88467, "ssh_url": "git@github.com:slsa-framework/slsa-verifier.git", - "stargazers": 132, - "stargazers_count": 132, + "stargazers": 170, + "stargazers_count": 170, "stargazers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/stargazers", "statuses_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/statuses/{sha}", "subscribers_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/subscribers", @@ -1581,11 +1616,11 @@ "teams_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/teams", "topics": [], "trees_url": "https://api.github.com/repos/slsa-framework/slsa-verifier/git/trees{/sha}", - "updated_at": "2023-08-22T02:50:28Z", + "updated_at": "2023-10-17T17:58:10Z", "url": "https://github.com/slsa-framework/slsa-verifier", "visibility": "public", - "watchers": 132, - "watchers_count": 132, + "watchers": 170, + "watchers_count": 170, "web_commit_signoff_required": true }, "sender": { @@ -1610,15 +1645,15 @@ } }, "github_head_ref": "", - "github_ref": "refs/tags/v2.4.0", + "github_ref": "refs/tags/v2.4.1", "github_ref_type": "tag", "github_repository_id": "474162642", "github_repository_owner": "slsa-framework", "github_repository_owner_id": "80431187", "github_run_attempt": "1", - "github_run_id": "5978382772", - "github_run_number": "434", - "github_sha1": "73d1bcba982de0f644baec83df839399d13f472e", + "github_run_id": "6791195934", + "github_run_number": "511", + "github_sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95", "os": "ubuntu22" } }, 
@@ -1627,7 +1662,7 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "mod", "vendor" ], @@ -1636,27 +1671,27 @@ { "workingDir": "/home/runner/work/slsa-verifier/slsa-verifier/__PROJECT_CHECKOUT_DIR__/cli/slsa-verifier", "command": [ - "/opt/hostedtoolcache/go/1.20.7/x64/bin/go", + "/opt/hostedtoolcache/go/1.20.10/x64/bin/go", "build", "-mod=vendor", "-trimpath", "-tags=netgo", - "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.0", + "-ldflags=-X sigs.k8s.io/release-utils/version.gitVersion=2.4.1", "-o", "slsa-verifier-windows-arm64.exe" ], "env": [ "GOOS=windows", "GOARCH=arm64", - "GO111MODULE=on", - "CGO_ENABLED=0" + "CGO_ENABLED=0", + "GO111MODULE=on" ] } ], "version": 1 }, "metadata": { - "buildInvocationID": "5978382772-1", + "buildInvocationID": "6791195934-1", "completeness": { "parameters": true, "environment": false, @@ -1666,25 +1701,26 @@ }, "materials": [ { - "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.0", + "uri": "git+https://github.com/slsa-framework/slsa-verifier@refs/tags/v2.4.1", "digest": { - "sha1": "73d1bcba982de0f644baec83df839399d13f472e" + "sha1": "7e1e47d7d793930ab0082c15c2b971fdb53a3c95" } }, { - "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20230821.1.0" + "uri": "https://github.com/actions/virtual-environments/releases/tag/ubuntu22/20231030.2.0" } ] } } - ] + ], + "npm Registry": [] } }, "checks": { "summary": { "DISABLED": 0, "FAILED": 2, - "PASSED": 8, + "PASSED": 7, "SKIPPED": 0, "UNKNOWN": 0 }, 
@@ -1733,12 +1769,12 @@ ], "justification": [ "Found provenance in release assets:", - "slsa-verifier-darwin-amd64.intoto.jsonl", - "slsa-verifier-darwin-arm64.intoto.jsonl", - "slsa-verifier-linux-amd64.intoto.jsonl", - "slsa-verifier-linux-arm64.intoto.jsonl", - "slsa-verifier-windows-amd64.exe.intoto.jsonl", - "slsa-verifier-windows-arm64.exe.intoto.jsonl" + "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/134437052", + "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/134437111", + "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/134437099", + "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/134437059", + "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/134437166", + "https://api.github.com/repos/slsa-framework/slsa-verifier/releases/assets/134437048" ], "result_type": "PASSED" }, @@ -1753,21 +1789,6 @@ ], "result_type": "PASSED" }, - { - "check_id": "mcn_provenance_level_three_1", - "check_description": "Check whether the target has SLSA provenance level 3.", - "slsa_requirements": [ - "Provenance - Non falsifiable - SLSA Level 3", - "Provenance content - Includes all build parameters - SLSA Level 3", - "Provenance content - Identifies entry point - SLSA Level 3", - "Provenance content - Identifies source code - SLSA Level 2" - ], - "justification": [ - "Successfully verified level 3: ", - "verify passed : slsa-verifier-darwin-amd64,verify passed : slsa-verifier-darwin-arm64,verify passed : slsa-verifier-linux-amd64,verify passed : slsa-verifier-linux-arm64,verify passed : slsa-verifier-windows-amd64.exe,verify passed : slsa-verifier-windows-arm64.exe" - ], - "result_type": "PASSED" - }, { "check_id": "mcn_trusted_builder_level_three_1", "check_description": "Check whether the target uses a trusted SLSA level 3 builder.", 
@@ -1831,7 +1852,7 @@ "unique_dep_repos": 0, "checks_summary": [ { - "check_id": "mcn_provenance_expectation_1", + "check_id": "mcn_version_control_system_1", "num_deps_pass": 0 }, { @@ -1839,7 +1860,7 @@ "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_available_1", + "check_id": "mcn_build_as_code_1", "num_deps_pass": 0 }, { @@ -1847,23 +1868,23 @@ "num_deps_pass": 0 }, { - "check_id": "mcn_build_as_code_1", + "check_id": "mcn_trusted_builder_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_version_control_system_1", + "check_id": "mcn_provenance_level_three_1", "num_deps_pass": 0 }, { - "check_id": "mcn_trusted_builder_level_three_1", + "check_id": "mcn_build_script_1", "num_deps_pass": 0 }, { - "check_id": "mcn_build_script_1", + "check_id": "mcn_provenance_expectation_1", "num_deps_pass": 0 }, { - "check_id": "mcn_provenance_level_three_1", + "check_id": "mcn_provenance_available_1", "num_deps_pass": 0 }, { diff --git a/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json b/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json new file mode 100644 index 000000000..67f061f74 --- /dev/null +++ b/tests/policy_engine/expected_results/scorecard/scorecard_policy_report.json @@ -0,0 +1,16 @@ +{ + "component_satisfies_policy": [ + [ + "1", + "pkg:github/ossf/scorecard@v4.13.1", + "auth-provenance" + ] + ], + "passed_policies": [ + [ + "auth-provenance" + ] + ], + "component_violates_policy": [], + "failed_policies": [] +} diff --git a/tests/policy_engine/resources/policies/valid/slsa-verifier.dl b/tests/policy_engine/resources/policies/scorecard/scorecard.dl similarity index 65% rename from tests/policy_engine/resources/policies/valid/slsa-verifier.dl rename to tests/policy_engine/resources/policies/scorecard/scorecard.dl index 4e83f399c..0dba061e5 100644 --- a/tests/policy_engine/resources/policies/valid/slsa-verifier.dl +++ b/tests/policy_engine/resources/policies/scorecard/scorecard.dl 
@@ -1,8 +1,8 @@ -/* Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. */ +/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */ /* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */ #include "prelude.dl" Policy("auth-provenance", component_id, "") :- check_passed(component_id, "mcn_provenance_level_three_1"). -apply_policy_to("auth-provenance", component_id) :- is_component(component_id, "pkg:github.com/slsa-framework/slsa-verifier@fc50b662fcfeeeb0e97243554b47d9b20b14efac"). +apply_policy_to("auth-provenance", component_id) :- is_component(component_id, "pkg:github/ossf/scorecard@v4.13.1"). diff --git a/tests/slsa_analyzer/checks/test_registry.py b/tests/slsa_analyzer/checks/test_registry.py index 8d9be045f..4248a65ec 100644 --- a/tests/slsa_analyzer/checks/test_registry.py +++ b/tests/slsa_analyzer/checks/test_registry.py @@ -1,16 +1,20 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. """This module contains the tests for the Registry class.""" +import os import queue from graphlib import TopologicalSorter +from pathlib import Path from unittest import TestCase from unittest.mock import patch +import pytest from hypothesis import given from hypothesis.strategies import SearchStrategy, binary, booleans, integers, lists, none, one_of, text, tuples +from macaron.config.defaults import load_defaults from macaron.slsa_analyzer.analyze_context import AnalyzeContext from macaron.slsa_analyzer.checks.base_check import BaseCheck from macaron.slsa_analyzer.checks.check_result import CheckResultData, CheckResultType 
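Review bot: In scorecard.dl the `apply_policy_to` rule now matches the component by the release tag `v4.13.1`, where the removed line matched a full commit digest. A tag can be re-pointed to another commit, so a provenance policy keyed on it pins the source less tightly than the digest did. How the purl is resolved to a commit is not visible in this hunk, so this may already be handled elsewhere. If the tag form is intended, I would record that above the rule, e.g. `/* Component is matched by release tag, not by commit digest; the expected report assumes the tag is not re-pointed. */`.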
@@ -24,6 +28,35 @@ def run_check(self, ctx: AnalyzeContext) -> CheckResultData: return CheckResultData(justification=[], result_tables=[], result_type=CheckResultType.UNKNOWN) +# pylint: disable=protected-access +@pytest.fixture(name="check_registry") +def check_registry_fixture() -> Registry: + """Return a registry instance with sample checks registered. + + Returns + ------- + Registry + The sample registry instance. + """ + # Refresh Registry static variables before each test case + Registry._all_checks_mapping = {} + Registry._check_relationships_mapping = {} + Registry._graph = TopologicalSorter() + Registry._is_graph_ready = False + + registry = Registry() + registry.register(BaseCheck("mcn_a_1", "Depend on b", [("mcn_b_1", CheckResultType.PASSED)])) # type: ignore + registry.register(BaseCheck("mcn_b_1", "Depend on c", [("mcn_c_1", CheckResultType.PASSED)])) # type: ignore + registry.register(BaseCheck("mcn_c_1", "Depend on d", [("mcn_d_1", CheckResultType.PASSED)])) # type: ignore + registry.register(BaseCheck("mcn_d_1", "Depend on e", [("mcn_e_1", CheckResultType.PASSED)])) # type: ignore + registry.register(BaseCheck("mcn_e_1", "Have no parent", [])) # type: ignore + registry.register(BaseCheck("mcn_f_1", "Depend on c", [("mcn_c_1", CheckResultType.FAILED)])) # type: ignore + registry.register(BaseCheck("mcn_g_1", "Depend on h", [("mcn_h_1", CheckResultType.FAILED)])) # type: ignore + registry.register(BaseCheck("mcn_h_1", "Depend on i", [("mcn_i_1", CheckResultType.FAILED)])) # type: ignore + registry.register(BaseCheck("mcn_i_1", "Have no parent", [])) # type: ignore + return registry + + # pylint: disable=protected-access class TestRegistry(TestCase): """This class tests the Registry module.""" 
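Review bot: `check_registry_fixture` overwrites four class-level attributes of `Registry` (`_all_checks_mapping`, `_check_relationships_mapping`, `_graph`, `_is_graph_ready`) and never restores them. The sample `mcn_a_1` … `mcn_i_1` checks therefore stay registered on the class after each test that uses the fixture. Whether other tests in the session depend on the real registry contents is not visible here, but the leak makes results depend on test order. Setting the attributes through pytest's `monkeypatch` fixture keeps the same setup and undoes it at teardown.

```python
@pytest.fixture(name="check_registry")
def check_registry_fixture(monkeypatch: pytest.MonkeyPatch) -> Registry:
    # … unchanged: docstring …
    # monkeypatch restores the original class attributes when the test ends.
    monkeypatch.setattr(Registry, "_all_checks_mapping", {})
    monkeypatch.setattr(Registry, "_check_relationships_mapping", {})
    monkeypatch.setattr(Registry, "_graph", TopologicalSorter())
    monkeypatch.setattr(Registry, "_is_graph_ready", False)

    registry = Registry()
    # … unchanged: register() calls and return …
```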
@@ -200,3 +233,183 @@ def test_validate_check_id_format(self) -> None: assert all(Registry._validate_check_id_format(check_id) for check_id in valid_ids) assert all(not Registry._validate_check_id_format(check_id) for check_id in invalid_ids) + + +@pytest.mark.parametrize( + ("ex_pats", "in_pats", "final_checks"), + [ + ( + [], + ["*"], + ["mcn_a_1", "mcn_b_1", "mcn_c_1", "mcn_d_1", "mcn_e_1", "mcn_f_1", "mcn_g_1", "mcn_h_1", "mcn_i_1"], + ), + ( + [], + ["*", "*"], + ["mcn_a_1", "mcn_b_1", "mcn_c_1", "mcn_d_1", "mcn_e_1", "mcn_f_1", "mcn_g_1", "mcn_h_1", "mcn_i_1"], + ), + ( + [], + ["mcn_?_1"], + ["mcn_a_1", "mcn_b_1", "mcn_c_1", "mcn_d_1", "mcn_e_1", "mcn_f_1", "mcn_g_1", "mcn_h_1", "mcn_i_1"], + ), + ( + [], + ["mcn_[cf]_1"], + ["mcn_c_1", "mcn_f_1", "mcn_d_1", "mcn_e_1"], + ), + ([], [], []), + (["*"], [], []), + (["*"], ["*"], []), + (["*", "*", "*"], ["*", "*"], []), + ( + [], + ["mcn_a_1", "mcn_b_1", "mcn_c_1", "mcn_d_1", "mcn_e_1", "mcn_f_1", "mcn_g_1", "mcn_h_1", "mcn_i_1"], + ["mcn_a_1", "mcn_b_1", "mcn_c_1", "mcn_d_1", "mcn_e_1", "mcn_f_1", "mcn_g_1", "mcn_h_1", "mcn_i_1"], + ), + (["mcn_c_1"], ["*"], ["mcn_d_1", "mcn_e_1", "mcn_g_1", "mcn_h_1", "mcn_i_1"]), + ([], ["mcn_c_1"], ["mcn_c_1", "mcn_d_1", "mcn_e_1"]), + (["mcn_d_1"], ["mcn_c_1"], ["mcn_e_1"]), + (["mcn_*"], ["*"], []), + ], +) +def test_get_final_checks( + check_registry: Registry, ex_pats: list[str], in_pats: list[str], final_checks: list[str] +) -> None: + """This method tests the get_final_checks method.""" + assert sorted(check_registry.get_final_checks(ex_pats=ex_pats, in_pats=in_pats)) == sorted(final_checks) + + +@pytest.mark.parametrize( + ("check_id", "children"), + [ + ( + "mcn_a_1", + [], + ), + ( + "mcn_b_1", + ["mcn_a_1"], + ), + ( + "mcn_c_1", + ["mcn_f_1", "mcn_b_1"], + ), + ], +) +def test_get_children(check_registry: Registry, check_id: str, children: set[str]) -> None: + """This method test the get_children method.""" + result = sorted(check_registry.get_children(check_id)) 
+ expect = sorted(children) + assert result == expect + + +@pytest.mark.parametrize( + ("check_id", "parent"), + [ + ( + "mcn_a_1", + ["mcn_b_1"], + ), + ( + "mcn_b_1", + ["mcn_c_1"], + ), + ( + "mcn_e_1", + [], + ), + ], +) +def test_get_parents(check_registry: Registry, check_id: str, parent: set[str]) -> None: + """This method test the get_children method.""" + result = sorted(check_registry.get_parents(check_id)) + expect = sorted(parent) + assert result == expect + + +@pytest.mark.parametrize( + ("user_config_input"), + [ + pytest.param( + """ + [analysis.checks] + exclude = * + include = * + """, + id="Exclude every checks", + ), + pytest.param( + """ + [analysis.checks] + exclude = + include = + """, + id="No check is included", + ), + pytest.param( + """ + [analysis.checks] + exclude = * + include = + """, + id="No check is included and no check is included", + ), + ], +) +def test_invalid_exclude_include_from_defaults( + tmp_path: Path, + check_registry: Registry, + user_config_input: str, +) -> None: + """Test Registry.prepare on invalid exclude/include check config. + + An invalid exclude/include check config means that it results in no run check. 
+ """ + user_config_path = os.path.join(tmp_path, "config.ini") + with open(user_config_path, "w", encoding="utf-8") as user_config_file: + user_config_file.write(user_config_input) + + load_defaults(user_config_path) + assert not check_registry.prepare() + + +@pytest.mark.parametrize( + ("start_node", "expected"), + [ + ("A", ["A", "B", "C", "D", "E", "F", "H"]), + ("B", ["B", "D"]), + ("C", ["C", "F", "E", "H"]), + ("D", ["D"]), + ("E", ["E"]), + ("F", ["F", "H"]), + ("G", ["G", "C", "E", "F", "H"]), + ("H", ["H"]), + ], +) +def test_get_transitive_closure(start_node: str, expected: list[str]) -> None: + """This method test get_transitive_closure method.""" + + def get_successors(start: str) -> set[str]: + match start: + case "A": + return {"B", "C"} + case "B": + return {"D"} + case "C": + return {"E", "F"} + case "G": + return {"C", "H"} + case "F": + return {"H"} + case "D" | "E" | "H": + return set() + case _: + return set() + + assert sorted( + Registry.get_reachable_nodes( + node=start_node, + get_successors=get_successors, + ) + ) == sorted(expected) diff --git a/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue b/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue new file mode 100644 index 000000000..773e70151 --- /dev/null +++ b/tests/slsa_analyzer/provenance/expectations/cue/resources/valid_expectations/scorecard_PASS.cue @@ -0,0 +1,11 @@ +{ + target: "pkg:github/ossf/scorecard", + predicate: { + invocation: { + configSource: { + uri: =~"^git\\+https://github.com/ossf/scorecard@refs/tags/v[0-9]+.[0-9]+.[0-9a-z]+$" + entryPoint: ".github/workflows/goreleaser.yaml" + } + } + } +} diff --git a/tests/slsa_analyzer/runner/test_runner.py b/tests/slsa_analyzer/runner/test_runner.py index dae749966..dd0fa26ef 100644 --- a/tests/slsa_analyzer/runner/test_runner.py +++ b/tests/slsa_analyzer/runner/test_runner.py 
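Review bot: The docstring of `test_get_parents` still reads "This method test the get_children method." although the body calls `check_registry.get_parents`; it should be `"""Test the get_parents method."""`. In `test_invalid_exclude_include_from_defaults` the third `pytest.param` id, "No check is included and no check is included", repeats itself for the `exclude = *` / empty `include` case; `id="Every check is excluded and no check is included"` says what the config does. `test_get_transitive_closure` exercises `Registry.get_reachable_nodes`, so the test name and its docstring should use that name. Separately, `load_defaults(user_config_path)` looks like it changes process-wide defaults and nothing in the hunk restores them; if so, a later test could run with every check excluded, so confirm that a fixture elsewhere resets the defaults.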
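Review bot: The `uri` pattern in `scorecard_PASS.cue` leaves its dots unescaped, so the `.` in `github.com` and the two between the version components each match any character. The expectation therefore accepts more `configSource.uri` values than the single host and tag shape it is meant to pin. Because this expectation decides whether provenance is accepted, escape them: `uri: =~"^git\\+https://github\\.com/ossf/scorecard@refs/tags/v[0-9]+\\.[0-9]+\\.[0-9a-z]+$"`. The `target` is also written without a version, while the integration test in this commit analyses `pkg:github/ossf/scorecard@v4.13.1`; if that is deliberate, a one-line comment in the file saying so would help the next reader.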
@@ -1,4 +1,4 @@ -# Copyright (c) 2022 - 2023, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2022 - 2024, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. """This module contains the tests for the Runner module.""" @@ -124,6 +124,6 @@ def test_runner(self) -> None: repository=Repository(complete_name="github.com/package-url/purl-spec", fs_path=""), ) target = AnalyzeContext(component=component) - results = registry.scan(target, []) + results = registry.scan(target) assert results["mcn_e_1"].result.result_type == results["mcn_d_1"].result.result_type == CheckResultType.SKIPPED diff --git a/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json b/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json new file mode 100644 index 000000000..2d8288940 --- /dev/null +++ b/tests/vsa/integration/github_slsa-framework_scorecard/vsa_payload.json 
@@ -0,0 +1,24 @@ +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "uri": "pkg:github/ossf/scorecard@v4.13.1" + } + ], + "predicateType": "https://slsa.dev/verification_summary/v1", + "predicate": { + "verifier": { + "id": "https://github.com/oracle/macaron", + "version": { + "macaron": "0.7.0" + } + }, + "timeVerified": "2024-02-16T06:03:16.417400+00:00", + "resourceUri": "pkg:github/ossf/scorecard@v4.13.1", + "policy": { + "content": "/* Copyright (c) 2024 - 2024, Oracle and/or its affiliates. All rights reserved. */\n/* Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. */\n\n\n#include \"prelude.dl\"\n\nPolicy(\"auth-provenance\", component_id, \"\") :- check_passed(component_id, \"mcn_provenance_level_three_1\").\napply_policy_to(\"auth-provenance\", component_id) :- is_component(component_id, \"pkg:github/ossf/scorecard@v4.13.1\").\n" + }, + "verificationResult": "PASSED", + "verifiedLevels": [] + } +}
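Review bot: This payload is added under `tests/vsa/integration/github_slsa-framework_scorecard/`, but its `subject` and `resourceUri` are both `pkg:github/ossf/scorecard@v4.13.1`, so the directory name points at a different organisation than the artifact the VSA describes. Naming the directory after the purl namespace would keep the fixture from being mistaken for a slsa-framework result. `timeVerified` and `version.macaron` are values from one particular run; the comparison that consumes this file presumably ignores them, which is worth confirming so the test does not fail on the next release.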