Bug#1019904: ITP: slsa-verifier -- Verifies SLSA provenance (slsa.dev)
Package: wnpp
Severity: wishlist
Owner: Laurent Simon <laurentsimon@google.com>
X-Debbugs-Cc: debian-devel@lists.debian.org, laurentsimon@google.com
* Package name : slsa-verifier
Version : 2.0.0
* URL : https://github.com/slsa-framework/slsa-verifier
* License : Apache License 2.0
* Programming Lang: Go
Description : Verifies SLSA provenance
Supply chain Levels for Software Artifacts, or SLSA (salsa).
It’s a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
The slsa-verifier project is a utility to verify SLSA provenance generated by builders:
- Google Cloud Builders
- GitHub native builders
(https://github.com/slsa-framework/slsa-github-generator).
How do you plan to maintain it? Inside the Go packaging team
Are you looking for co-maintainers? No
Do you need a sponsor? I already have one.
Reply to: