Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Obtain the triggering build workflows from provenances for static analysis #730

Open
behnazh-w opened this issue May 3, 2024 · 0 comments
Labels
build_tools The issues related to build tool support checks The issues related to Macaron checks

Comments

@behnazh-w
Copy link
Member

We need to implement a new feature to obtain the GitHub Actions workflow that has triggered a build/replease from the SLSA provenance (or build command from the Witness provenance) and use that in the build checks instead of analyzing all the Actions. This would let us to use the most accurate workflows in the static analysis and get more benefit from the provenances if they are available.

@behnazh-w behnazh-w added checks The issues related to Macaron checks build_tools The issues related to build tool support labels May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
build_tools The issues related to build tool support checks The issues related to Macaron checks
Projects
None yet
Development

No branches or pull requests

1 participant