[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1019904: ITP: slsa-verifier -- Verifies SLSA provenance (slsa.dev)

Package: wnpp
Severity: wishlist
Owner: Laurent Simon <laurentsimon@google.com>
X-Debbugs-Cc: debian-devel@lists.debian.org, laurentsimon@google.com

* Package name    : slsa-verifier
  Version         : 2.0.0
* URL             : https://github.com/slsa-framework/slsa-verifier
* License         : Apache License 2.0
* Programming Lang: Go
  Description     : Verifies SLSA provenance

Supply chain Levels for Software Artifacts, or SLSA (salsa).
It’s a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.

The slsa-verifier project is a utility to verify SLSA provenance generated by builders:
- Google Cloud Builders
- GitHub native builders

How do you plan to maintain it? Inside the Go packaging team

Are you looking for co-maintainers? No

Do you need a sponsor? I already have one.

Reply to: