Releases: slsa-framework/slsa-verifier
v1.0.4
v1.3.1
v1.2.1
fix: make client shard aware when verifying (#279)
Signed-off-by: Asra Ali <asraa@google.com>
Signed-off-by: Asra Ali <asraa@google.com>
v1.0.3
v1.3.0
What's Changed
- release: add notes for release v1.2.0 by @asraa in #171
- feat: fix renovatebot tags by @laurentsimon in #170
- chore(deps): update github-actions by @renovate-bot in #165
- Releases url fix by @cdris in #172
- fix(deps): update module github.com/sigstore/rekor to v0.10.0 by @renovate-bot in #178
- fix(deps): update module github.com/sigstore/sigstore to v1.3.1 by @renovate-bot in #177
- chore(deps): update github-actions by @renovate-bot in #175
- fix(deps): update module github.com/google/trillian to v1.4.2 by @renovate-bot in #176
- chore(deps): update github/codeql-action action to v2 by @renovate-bot in #168
- feat: Create a verifier as a service by @laurentsimon in #182
- Fix version in README by @laurentsimon in #185
- feat: Create interface for verifiers by @laurentsimon in #187
- Never panic, always return error by @laurentsimon in #199
- chore(deps): update github/codeql-action action to v2.1.18 by @renovate-bot in #195
- fix(deps): update module github.com/sigstore/cosign to v1.10.1 by @renovate-bot in #198
- feat: make branch optional by @laurentsimon in #192
- update link to download the binary to use the latest release (v1.2.0) by @cpanato in #204
- feat: make builder-id flag experimental until fully tested by @laurentsimon in #207
- fix: use experimental flag value 1 by @asraa in #209
- ci: fix path to binary for release by @asraa in #210
- ci: add release workflow test at presubmit by @asraa in #212
- fix: fix dir in release config by @asraa in #217
- feat: add a -workflow-input option by @laurentsimon in #216
Full Changelog: v1.2.0...v1.3.0
v1.2.0
What's Changed
- Feature: Support verification with multiple subjects in #112
- Cleanup: Remove signing certificate output in #160
- Debug: Add error messages for debugging Rekor lookups in #159
- Testing: Added testing for v1.2.0 SLSA generic builder in #154
Full Changelog: v1.1.1...v1.2.0
Verification
go run . -artifact-path slsa-verifier-linux-amd64 -provenance slsa-verifier-linux-amd64.intoto.jsonl -source github.com/slsa-framework/slsa-verifier -tag v1.2.0
v1.0.2
What's Changed
- Bug fix: Backport fix to fetch branches on release triggers #146
Full Changelog: v1.0.1...v1.0.2
Verification
go run . -artifact-path slsa-verifier-linux-amd64 -provenance slsa-verifier-linux-amd64.intoto.jsonl -source github.com/slsa-framework/slsa-verifier -tag v1.0.2 -branch release/v1.0
v1.0.1
What's Changed
- Update to go 1.18
- Bug fix: Handle incompatible behavior change in Rekor entry retrieval responses to handle sharded UUIDs
Full Changelog: v1.0.0...v1.0.1
Verification
go run . -artifact-path slsa-verifier-linux-amd64 -provenance slsa-verifier-linux-amd64.intoto.jsonl -source github.com/slsa-framework/slsa-verifier -tag v1.0.1 -branch release/v1.0
v1.1.1
What's Changed
- Update to go 1.18
- Add support for verification without reliance on indexed Rekor entries
- Retrieve branch on release triggers for verification
Full Changelog: v1.0.0...v1.1.1
v1.1.0
What's Changed
- Adds support to verify using an embedded certificate in the DSSE envelope. This avoids using a Redis index for searching for the signing certificate.
To learn how to use it, see Verification of Provenance.
This is meant to be used for GitHub workflow SLSA generation. Builders are located in slsa-github-generator.