{"id":28488059,"url":"https://github.com/slsa-framework/example-package","last_synced_at":"2026-03-12T04:07:12.647Z","repository":{"id":37057231,"uuid":"486325809","full_name":"slsa-framework/example-package","owner":"slsa-framework","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-09T07:24:18.000Z","size":48193,"stargazers_count":21,"open_issues_count":38,"forks_count":26,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-03-09T07:30:34.271Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/slsa-framework.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2022-04-27T19:30:43.000Z","updated_at":"2026-03-09T06:31:54.000Z","dependencies_parsed_at":"2024-01-29T19:38:50.845Z","dependency_job_id":"149ae6f5-afd2-41ed-9e2b-683820c0a1a6","html_url":"https://github.com/slsa-framework/example-package","commit_stats":{"total_commits":18330,"total_committers":21,"mean_commits":872.8571428571429,"dds":"0.10572831423895257","last_synced_commit":"18242554def46aa53c07570287686a21f96d7528"},"previous_names":[],"tags_count":19958,"template":false,"template_full_name":null,"purl":"pkg:github/slsa-framework/example-package","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fexample-package","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fexample-package/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fexample-package/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fexample-package/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/slsa-framework","download_url":"https://codeload.github.com/slsa-framework/example-package/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/slsa-framework%2Fexample-package/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30415042,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T00:40:14.898Z","status":"online","status_checked_at":"2026-03-12T02:00:07.260Z","response_time":114,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-08T05:08:44.364Z","updated_at":"2026-03-12T04:07:12.633Z","avatar_url":"https://github.com/slsa-framework.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Example project for SLSA\n\nExample project builds a simple binary using a variety of [SLSA]-compliant\nbuilders.\n\nThe code is built using `bazelisk build`:\n\n- Bazelisk reads [.bazelversion], fetches the correct version of Bazel, and\n  then runs `bazel build`.\n- Bazel reads [WORKSPACE], fetches the rules_go module, and then compiles the\n  `hello` binary.\n\nFor GitHub Actions-based builds, the artifact is uploaded using\n[actions/upload-artifact].\n\n[.bazelversion]: .bazelversion\n[SLSA]: https://slsa.dev\n[WORKSPACE]: WORKSPACE\n[actions/upload-artifact]: https://github.com/actions/upload-artifact\n\n## Builders\n\n- [github-actions-demo.yaml](.github/workflows/github-actions-demo.yaml)\n  ([results](https://github.com/slsa-framework/example-package/actions/workflows/github-actions-demo.yaml)):\n  SLSA 1 provenance generated on GitHub Actions using\n  https://github.com/slsa-framework/github-actions-demo.\n- [slsa-github-generator.yaml](.github/workflows/slsa-github-generator.yaml)\n  ([results](https://github.com/slsa-framework/example-package/actions/workflows/slsa-github-generator.yaml)):\n  SLSA 2 provenance generated on GitHub Actions using\n  https://github.com/slsa-framework/slsa-github-generator.\n\n## slsa-github-generator e2e test status\n\n### Project health\n\n[![golangci-lint](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.golangci-lint.yml/badge.svg)](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.golangci-lint.yml) [![shellcheck](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.shellcheck.yml/badge.svg)](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.shellcheck.yml) [![yamllint](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.yamllint.yml/badge.svg)](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.yamllint.yml) [![actionlint](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.actionlint.yml/badge.svg)](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.actionlint.yml)\n\n### Node.js builder e2e tests\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eEvent\u003c/th\u003e\n      \u003cth\u003eName\u003c/th\u003e\n      \u003cth\u003eStatus\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ecreate\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.create.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.create.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.create.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd rowspan=\"8\"\u003epush\u003c/td\u003e\n      \u003ctd\u003edefault branch\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.push.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ecustom publish\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.custom_publish.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.push.main.custom_publish.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.custom_publish.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eNode 16\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.node16.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.push.main.node16.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.node16.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eNode 18\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.node18.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.push.main.node18.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.node18.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003enpm dist-tag\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.disttag.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.push.main.disttag.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.main.disttag.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003enon-default branch\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.branch1.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.push.branch1.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.push.branch1.default.slsa3.yml/badge.svg?branch=branch1\u0026event=push\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003epush to tag\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.tag.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.tag.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.tag.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003epush to tag (unscoped package)\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.tag.main.unscoped.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.tag.main.unscoped.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.tag.main.unscoped.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003erelease\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.release.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.release.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.release.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eworkflow_dispatch\u003c/td\u003e\n      \u003ctd\u003e\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.workflow_dispatch.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.nodejs.workflow_dispatch.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.nodejs.workflow_dispatch.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### BYOB generic permissions builder e2e tests\n\n\u003ctable\u003e\n  \u003cthead\u003e\n    \u003ctr\u003e\n      \u003cth\u003eEvent\u003c/th\u003e\n      \u003cth\u003eName\u003c/th\u003e\n      \u003cth\u003eStatus\u003c/th\u003e\n    \u003c/tr\u003e\n  \u003c/thead\u003e\n  \u003ctbody\u003e\n    \u003ctr\u003e\n      \u003ctd rowspan=\"2\"\u003ecreate\u003c/td\u003e\n      \u003ctd\u003edefault\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.create.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.create.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.create.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003ewith sha1\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.create.main.checkout.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.create.main.checkout.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.create.main.checkout.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd rowspan=\"2\"\u003epush\u003c/td\u003e\n      \u003ctd\u003edefault branch\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.push.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.push.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.push.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003epush to tag\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.tag.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.tag.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.tag.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd rowspan=\"2\"\u003erelease\u003c/td\u003e\n      \u003ctd\u003edefault\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.release.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.release.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.release.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003eWith sha1\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.release.main.checkout.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.release.main.checkout.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.release.main.checkout.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd rowspan=\"4\"\u003eworkflow_dispatch\u003c/td\u003e\n      \u003ctd\u003edefault branch\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.main.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.workflow_dispatch.main.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.main.default.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003edefault branch w/ sha1\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.main.checkout.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.workflow_dispatch.main.checkout.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.main.checkout.slsa3.yml/badge.svg\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003enon-default branch\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.branch1.default.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.workflow_dispatch.branch1.default.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.branch1.default.slsa3.yml/badge.svg?branch=branch1\u0026event=workflow_dispatch\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n    \u003ctr\u003e\n      \u003ctd\u003enon-default branch w/ sha1\u003c/td\u003e\n      \u003ctd\u003e\u003ca href=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.branch1.checkout.slsa3.yml\"\u003e\u003cimg alt=\".github/workflows/e2e.delegator-generic.workflow_dispatch.branch1.checkout.slsa3.yml\" src=\"https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-generic.workflow_dispatch.branch1.checkout.slsa3.yml/badge.svg?branch=branch1\u0026event=workflow_dispatch\" /\u003e\u003c/a\u003e\u003c/td\u003e\n    \u003c/tr\u003e\n  \u003c/tbody\u003e\n\u003c/table\u003e\n\n### BYOB low permissions builder e2e tests\n\n| Event             | Status                                                                                                                                                                                                                                                                                                                                                                                             |\n| ----------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n| workflow_dispatch | [![.github/workflows/e2e.delegator-lowperms.workflow_dispatch.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.workflow_dispatch.main.default.slsa3.yml/badge.svg?event=workflow_dispatch)](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.workflow_dispatch.main.default.slsa3.yml) |\n| release           | [![.github/workflows/e2e.delegator-lowperms.release.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.release.main.default.slsa3.yml/badge.svg)](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.release.main.default.slsa3.yml)                                                       |\n| create            | [![.github/workflows/e2e.delegator-lowperms.create.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.create.main.default.slsa3.yml/badge.svg)](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.create.main.default.slsa3.yml)                                                          |\n| push              | [![.github/workflows/e2e.delegator-lowperms.push.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.push.main.default.slsa3.yml/badge.svg?event=push)](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.push.main.default.slsa3.yml)                                                     |\n| tag               | [![.github/workflows/e2e.delegator-lowperms.tag.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.tag.main.default.slsa3.yml/badge.svg?event=push)](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.tag.main.default.slsa3.yml)                                                        |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslsa-framework%2Fexample-package","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fslsa-framework%2Fexample-package","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fslsa-framework%2Fexample-package/lists"}