Skip to content

Milestones

List view

  • Maven builder

    No due date
    0% complete0 open0 closed

  • Java/Maven Builder

    A new reusable workflow will be developed (likely in another repository) to build Maven packages. This will add a new Maven builder workflow which will allow OSS projects to generate provenance for their Maven projects that satisfies the provenance requirements for [SLSA Level 3](https://slsa.dev/spec/v0.1/levels). This workflow will use the [BYOB framework](https://github.com/slsa-framework/slsa-github-generator/milestone/11).

    Due by March 31, 2023
    0% complete0 open0 closed

  • Sigstore Stability Improvements

    Stability and testing improvements related to verification, the Sigstore TUF root, and the Rekor and CT transparency log.

    Due by December 31, 2022
    2/2 issues closed
    100% complete0 open2 closed

  • Node.js builder Beta

    This milestone will add a new reusable workflow to build and publish Node.js npm packages with that means the [provenance](https://slsa.dev/spec/v0.1/requirements#provenance-requirements) requirements for [SLSA Level 3](https://slsa.dev/spec/v0.1/levels) by simply adding a new job to their existing GitHub Actions workflow. This will serve as the "Trusted Builder" for npm [RFC-0049](https://github.com/npm/rfcs/blob/main/accepted/0049-link-packages-to-source-and-build.md). This milestone is for the beta release. See the [Node.js builder GA](https://github.com/slsa-framework/slsa-github-generator/milestone/17) milestone for the GA release.

    Due by April 30, 2023
    25/25 issues closed
    100% complete0 open25 closed

  • 2022 Stability improvements

    Improvements to stability, tests, and tooling.

    Due by December 31, 2022
    12/12 issues closed
    100% complete0 open12 closed

  • Generic support for containers

    General Availability for the [container generator](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container) reusable workflow. This will add a new container generator workflow which will allow OSS projects to generate provenance for their container images that satisfies the [provenance](https://slsa.dev/spec/v0.1/requirements#provenance-requirements) requirements for [SLSA Level 3](https://slsa.dev/spec/v0.1/levels) by simply adding a new job to their existing GitHub Actions workflow.

    Due by January 31, 2023
    24/25 issues closed
    96% complete1 open24 closed

  • GA for generic generator

    General Availability for [generic provenance generator](https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/generic) reusable workflow. This will add a new reusable workflow that allows OSS projects to generate provenance that satisfies the [provenance](https://slsa.dev/spec/v0.1/requirements#provenance-requirements) requirements for [SLSA Level 3](https://slsa.dev/spec/v0.1/levels) by simply adding a new job to their existing GitHub Actions workflows. It will support any language as long as the artifacts created during the build process are regular files.

    Due by August 31, 2022
    48/48 issues closed
    100% complete0 open48 closed

  • GA for Go builder

    Initial release version GA for Go builder

    No due date
    28/28 issues closed
    100% complete0 open28 closed