Obtain the triggering build workflows from provenances for static analysis #730

Open
@behnazh-w


We need to implement a new feature to obtain the GitHub Actions workflow that has triggered a build/release from the SLSA provenance (or build command from the Witness provenance) and use that in the build checks instead of analyzing all the Actions. This would let us use the most accurate workflows in the static analysis and get more benefit from the provenances if they are available.
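A sketch of the lookup the issue asks for, added here as an example; it is not part of the issue and not Macaron's code. It covers SLSA v0.2 and v1 provenance from GitHub Actions builders only (not Witness), assumes the provenance signature has already been verified, and uses hypothetical function names and a constructed sample repository.

```python
import base64
import json

SLSA_V02 = "https://slsa.dev/provenance/v0.2"
SLSA_V1 = "https://slsa.dev/provenance/v1"

def load_statement(doc):
    """Return the in-toto statement, unwrapping a DSSE envelope if present."""
    if "payload" in doc:  # DSSE envelope: payload is base64-encoded JSON
        return json.loads(base64.b64decode(doc["payload"]))
    return doc

def triggering_workflow(doc):
    """Return (repo_uri, workflow_path) recorded in the provenance, or None."""
    stmt = load_statement(doc)
    pred, ptype = stmt.get("predicate", {}), stmt.get("predicateType")
    if ptype == SLSA_V02:
        # v0.2: the build's entry point is under invocation.configSource
        src = pred.get("invocation", {}).get("configSource", {})
        uri, path = src.get("uri"), src.get("entryPoint")
    elif ptype == SLSA_V1:
        # v1 (GitHub Actions build type): externalParameters.workflow
        ext = pred.get("buildDefinition", {}).get("externalParameters", {})
        wf = ext.get("workflow", {})
        uri, path = wf.get("repository"), wf.get("path")
    else:
        return None
    return (uri, path) if uri and path else None

def workflows_to_analyze(repo_workflows, doc=None):
    """Narrow analysis to the provenance's workflow; else analyze them all."""
    # Assumption: the caller verified the provenance before trusting its fields.
    found = triggering_workflow(doc) if doc else None
    if found and found[1] in repo_workflows:
        return [found[1]]
    return sorted(repo_workflows)

# Constructed sample: a DSSE-wrapped SLSA v0.2 statement (signatures omitted).
_stmt = {"predicateType": SLSA_V02, "predicate": {"invocation": {"configSource": {
    "uri": "git+https://github.com/example-org/example-repo@refs/tags/v1.0.0",
    "entryPoint": ".github/workflows/release.yml"}}}}
SAMPLE = {"payloadType": "application/vnd.in-toto+json",
          "payload": base64.b64encode(json.dumps(_stmt).encode()).decode()}
REPO_WORKFLOWS = {".github/workflows/ci.yml", ".github/workflows/release.yml"}

if __name__ == "__main__":
    print(workflows_to_analyze(REPO_WORKFLOWS, SAMPLE))
```

When the recorded path is missing from the checked-out repository, the fallback analyzes every workflow rather than silently skipping the build checks.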


Labels: build_tools (The issues related to build tool support), checks (The issues related to Macaron checks)
