New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correlate GHA provenance attestation with GitHub API #11

Open

2 tasks

trishankatdatadog opened this issue Jul 25, 2023 · 0 comments

Open

2 tasks

Correlate GHA provenance attestation with GitHub API #11

trishankatdatadog opened this issue Jul 25, 2023 · 0 comments

Assignees

Owner

trishankatdatadog commented Jul 25, 2023 •

edited

Loading

Check whether the GitHub Actions run actually exists and matches the recorded provenance metadata on Sigstore and NPM.

Check whether GHA was used.
Check whether the expected GitHub source code repository was used.

trishankatdatadog added this to Hekate v1.0

trishankatdatadog converted this from a draft issue

trishankatdatadog moved this to Todo in Hekate v1.0

trishankatdatadog assigned kommendorkapten, trishankatdatadog and hosseinsia

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment