https://github.com/slsa-framework/example-package
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/slsa-framework/example-package
- Owner: slsa-framework
- License: apache-2.0
- Created: 2022-04-27T19:30:43.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2026-03-09T07:24:18.000Z (4 months ago)
- Last Synced: 2026-03-09T07:30:34.271Z (4 months ago)
- Language: TypeScript
- Size: 46 MB
- Stars: 21
- Watchers: 3
- Forks: 26
- Open Issues: 38
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: CODEOWNERS
README
# Example project for SLSA
This example project builds a simple binary using a variety of [SLSA]-compliant
builders.
The code is built using `bazelisk build`:
- Bazelisk reads [.bazelversion], fetches the correct version of Bazel, and
then runs `bazel build`.
- Bazel reads [WORKSPACE], fetches the rules_go module, and then compiles the
`hello` binary.
For GitHub Actions-based builds, the artifact is uploaded using
[actions/upload-artifact].
[.bazelversion]: .bazelversion
[SLSA]: https://slsa.dev
[WORKSPACE]: WORKSPACE
[actions/upload-artifact]: https://github.com/actions/upload-artifact
## Builders
- [github-actions-demo.yaml](.github/workflows/github-actions-demo.yaml)
([results](https://github.com/slsa-framework/example-package/actions/workflows/github-actions-demo.yaml)):
SLSA 1 provenance generated on GitHub Actions using
https://github.com/slsa-framework/github-actions-demo.
- [slsa-github-generator.yaml](.github/workflows/slsa-github-generator.yaml)
([results](https://github.com/slsa-framework/example-package/actions/workflows/slsa-github-generator.yaml)):
SLSA 2 provenance generated on GitHub Actions using
https://github.com/slsa-framework/slsa-github-generator.
## slsa-github-generator e2e test status
### Project health
- [pre-submit.golangci-lint.yml](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.golangci-lint.yml)
- [pre-submit.shellcheck.yml](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.shellcheck.yml)
- [pre-submit.yamllint.yml](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.yamllint.yml)
- [pre-submit.actionlint.yml](https://github.com/slsa-framework/example-package/actions/workflows/pre-submit.actionlint.yml)
### Node.js builder e2e tests
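| Event | Name |
| ----------------- | ------------------------------ |
| create | |
| push | default branch |
| push | custom publish |
| push | Node 16 |
| push | Node 18 |
| push | npm dist-tag |
| push | non-default branch |
| push | push to tag |
| push | push to tag (unscoped package) |
| release | |
| workflow_dispatch | |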
### BYOB generic permissions builder e2e tests
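| Event | Name |
| ----------------- | -------------------------- |
| create | default |
| create | with sha1 |
| push | default branch |
| push | push to tag |
| release | default |
| release | With sha1 |
| workflow_dispatch | default branch |
| workflow_dispatch | default branch w/ sha1 |
| workflow_dispatch | non-default branch |
| workflow_dispatch | non-default branch w/ sha1 |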
### BYOB low permissions builder e2e tests
| Event | Status |
| ----------------- | ------ |
| workflow_dispatch | [e2e.delegator-lowperms.workflow_dispatch.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.workflow_dispatch.main.default.slsa3.yml) |
| release | [e2e.delegator-lowperms.release.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.release.main.default.slsa3.yml) |
| create | [e2e.delegator-lowperms.create.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.create.main.default.slsa3.yml) |
| push | [e2e.delegator-lowperms.push.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.push.main.default.slsa3.yml) |
| tag | [e2e.delegator-lowperms.tag.main.default.slsa3.yml](https://github.com/slsa-framework/example-package/actions/workflows/e2e.delegator-lowperms.tag.main.default.slsa3.yml) |