go/goreleaser
go/goreleaser
1
0
Fork 0
mirror of https://github.com/goreleaser/goreleaser.git synced 2025-01-10 03:47:03 +02:00
Code Issues Releases Activity
5,198 Commits 8 Branches 558 Tags 41 MiB
7e481967b3
Commit Graph

11 Commits

Author SHA1 Message Date
Carlos Alexandro Becker
7e481967b3
docs: update users, blog posts divider 2023-12-04 13:51:23 -03:00
laurentsimon
b149223223
feat(docs): Update command in SLSA verification blog post (#4420) 
Great blog post! I added it to the documentation of the
https://github.com/slsa-framework/slsa-github-generator :)

This PR fixes the command to verify SLSA provenance in the blog post
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/.

The verification for binary artifacts is correct.

The verification for container images is incorrect:
- The command verifies the identity of the builder only, but it should
also verify the source repository
- The command does not verify the release version, which _may_ allows an
attacker to perform a downgrade attack. (not a super big deal, but still
useful to close this gap if the image was built on a tag trigger)

This follows the same steps on argoCD's documentation
https://argo-cd.readthedocs.io/en/stable/operator-manual/signed-release-assets/#verification-of-container-image-with-slsa-attestations

Thanks!

---------

Signed-off-by: laurentsimon <laurentsimon@google.com>
 2023-11-13 12:35:44 -03:00
Carlos Alexandro Becker
6b65ea5ca1
docs: update 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-11-07 00:39:45 +00:00
Batuhan Apaydın
a932dd85de
SLSA Provenance generation blog post (#4361) 
kindly ping @Dentrax

Signed-off-by: Batuhan Apaydin <batuhan.apaydin@chainguard.dev>
 2023-10-11 09:41:49 -03:00
Carlos Alexandro Becker
85e1458d6c
docs: release cadence post (#4329) 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-09-27 14:06:37 -03:00
Carlos Alexandro Becker
74b226db47
docs: reword 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-09-24 19:04:07 +00:00
Carlos Alexandro Becker
800ee694f6
docs: update announcement blog post 2023-09-23 05:31:42 +00:00
Carlos Alexandro Becker
e194d4cfca
docs: draft 1.21 announcement (#4310) 
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-09-23 00:50:05 -03:00
Carlos Alexandro Becker
027ddd3b17
docs: fix broken links 2023-09-15 01:06:58 +00:00
Carlos Alexandro Becker
3633b71eea
docs: fix some broken links (#4295) 
fixes some bad links.

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-09-14 21:54:55 -03:00
Carlos Alexandro Becker
f62adf23ff
docs: blog (#4264) 
Starting to move the blog from medium to mkdocs!

closes #3503

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
 2023-09-14 13:53:40 -03:00