Mark Lodato
MD053 incorrectly complains about link references that are contained within square brackets. This is perfectly fine Markdown syntax, rendered correctly and parsed by MD051 (see below), but MD053 fails to...
MD051 currently only checks `` tags for `id="..."` attributes, but this requirement seems arbitrary. Any HTML element may have an `id` attribute to define an anchor. It seems like this...
Many common tags in HTML5, such as `` and ``, do not require a closing tag, but the current indent file cannot handle this case. For example, ``` a b...
This issue is for tracking and building consensus on what will go in the next version of the provenance spec, tentatively called v1.0. ### Current proposal [Schema changes](https://github.com/slsa-framework/slsa/issues?q=is%3Aopen+is%3Aissue+label%3Aspec-change+label%3Aprovenance): - #349...
GitHub Actions + Sigstore can be used to sign artifacts with an X.509 certificate containing the workflow's identity (repository + path + branch/tag). This works by having the workflow request...
In general, how should a builder record information about its own version in the provenance? From @laurentsimon on https://github.com/in-toto/in-toto-golang/issues/159 (with edits from me): > The [provenance](https://slsa.dev/provenance/v0.2) `builder` field only contains...
The Verification Summary Attestation should list the input attestations that it used as inputs to the decision. This gives us traceability and repeatability of the process. I'm thinking something like:...
SPDX 3.0 is developing a "build profile" that overlaps almost entirely with the SLSA Provenance schema. In other words, SPDX 3.0 will (hopefully) be able to express everything that SLSA...
This issue tracks acceptance of [Proposal 2: Project roadmap, May 2022](https://github.com/slsa-framework/slsa-proposals/blob/main/0002/README.md). If you have any questions or comments on the plan, feel free to add them here and I can...
*[Copied from in-toto/attestation/issues/29]* Currently all `materials` are lumped together (except `recipe.definedInMaterial`). It would be useful to be able to differentiate between different types of materials. We can probably look to...