Skip to content

content: draft: Add attested build environment track #1115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
marcelamelara merged 16 commits into from
Oct 21, 2024
Merged

content: draft: Add attested build environment track #1115

marcelamelara merged 16 commits into from
Oct 21, 2024

Conversation

@marcelamelara
Copy link
Contributor

@marcelamelara marcelamelara commented Aug 15, 2024
edited
Loading

This PR introduces the following spec changes associated with #975. The spec enhancements are being proposed as the new "build Environment track".

Spec changes: Adds new high-level build environment terminology and levels.

Part 1 of #975 CC @paveliak

@netlify
Copy link

netlify bot commented Aug 15, 2024
edited
Loading

Deploy Preview for slsa ready!

Name Link
🔨 Latest commit e5eda5a
🔍 Latest deploy log https://app.netlify.com/sites/slsa/deploys/6709c2d9b982fd0008a8f368
😎 Deploy Preview https://deploy-preview-1115--slsa.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@marcelamelara marcelamelara mentioned this pull request Aug 15, 2024
Closed
4 tasks
@marcelamelara marcelamelara force-pushed the attested-build-env-track branch 2 times, most recently from e505871 to 5a2a961 Compare August 15, 2024 23:36
@TomHennen
Copy link
Contributor

TomHennen commented Aug 16, 2024

FYI if you want to make the linter happy easily this might help. The linter caused me a ton of trouble until I figured this out.

TomHennen
TomHennen reviewed Aug 16, 2024
View reviewed changes
Copy link
Contributor

@TomHennen TomHennen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like where this is heading :)

@marcelamelara marcelamelara changed the title content: Attested build environment track content: Add attested build environment track Aug 16, 2024
@marcelamelara marcelamelara force-pushed the attested-build-env-track branch from cbf816f to 7a39858 Compare August 16, 2024 22:28
@marcelamelara marcelamelara self-assigned this Aug 20, 2024
@marcelamelara marcelamelara added the build-environment-track Issues/PRs related to the SLSA BuildEnv track label Aug 20, 2024
paveliak
paveliak reviewed Aug 26, 2024
View reviewed changes
This was referenced Aug 26, 2024
Open
Closed
haydentherapper
haydentherapper reviewed Aug 27, 2024
View reviewed changes
kommendorkapten
kommendorkapten reviewed Aug 29, 2024
View reviewed changes
@marcelamelara marcelamelara force-pushed the attested-build-env-track branch 2 times, most recently from dbc5dd1 to 8846927 Compare September 4, 2024 23:34
@marcelamelara marcelamelara force-pushed the attested-build-env-track branch 2 times, most recently from 8df324b to 08b92e8 Compare September 18, 2024 00:37
@marcelamelara marcelamelara marked this pull request as ready for review September 18, 2024 00:39
@marcelamelara marcelamelara requested review from a team, TomHennen and paveliak September 18, 2024 00:39
TomHennen
TomHennen reviewed Sep 18, 2024
View reviewed changes
Copy link
Contributor

@TomHennen TomHennen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for these changes!

This generally LGTM, I would also like to see what @deeglaze thinks about it too.

deeglaze
deeglaze reviewed Sep 18, 2024
View reviewed changes
thirumalareddym
thirumalareddym reviewed Sep 20, 2024
View reviewed changes
@Danysharma00 Danysharma00 mentioned this pull request Sep 20, 2024
Closed
This was referenced Sep 23, 2024
Open
Open
deeglaze
deeglaze reviewed Sep 29, 2024
View reviewed changes
marcelamelara and others added 7 commits October 11, 2024 11:36
@marcelamelara
Update L1 and L2 per review comments
1cdafe6 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara
High-level updates to level focus, terminology changes
b038a0d 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara
Finalize first draft of L2, L3, remove L4
43aeac8 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara
Fix typo
1a9ed18 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara @deeglaze
Apply wording fixes from reviews
89b7e05 
Co-authored-by: Dionna Amalie Glaze <drdeeglaze@gmail.com>
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara
Some clarifying revisions regarding the build agent
a90c386 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara
Add BuildEnv levels to website nav
c0c8105 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara marcelamelara force-pushed the attested-build-env-track branch from 4610a2c to c0c8105 Compare October 11, 2024 18:36
@marcelamelara
Move BuildEnv terms and defs to terminology.md
5ab03df 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara marcelamelara mentioned this pull request Oct 11, 2024
Open
marcelamelara and others added 2 commits October 11, 2024 17:27
@marcelamelara @arewm
Apply suggestions from code review
e474652 
Co-authored-by: Andrew McNamara <arewm@users.noreply.github.com>
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@marcelamelara
More small wording changes from review
e5eda5a 
Signed-off-by: Marcela Melara <marcela.melara@intel.com>
@TomHennen TomHennen mentioned this pull request Oct 14, 2024
Open
zachariahcox
zachariahcox reviewed Oct 14, 2024
View reviewed changes
This was referenced Oct 15, 2024
Open
Open
Open
Closed
Open
TomHennen
TomHennen approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@TomHennen TomHennen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an amazing start.

I think we can continue to iterate on this draft in other issues & PRs.

Thanks Marcela!

@TomHennen TomHennen changed the title content: Add attested build environment track content: draft: Add attested build environment track Oct 15, 2024
@TomHennen
Copy link
Contributor

TomHennen commented Oct 15, 2024

FYI updated title to indicate this is draft!

@marcelamelara marcelamelara requested a review from arewm October 16, 2024 14:59
This was referenced Oct 21, 2024
Open
Open
arewm
arewm approved these changes Oct 21, 2024
View reviewed changes
Copy link
Member

@arewm arewm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this draft content. Many of the topics that I have raised have moved to issues. Partially for my reference (because there were so many threads), I think the conversation has moved here:

  • Potential clarification for hosted terminology: #947
  • Which parts of the build system should this apply to: #1211
  • Clarifications of where/how to use provenance vs VSA: #974; #1148
  • Missing figure: #1165
  • Consistency of terminology/definitions: #1177 (additionally, build image producer should be explicit about the party/parties involved #1115 (comment))
  • Agent-less build environments: #1185
  • Connection between build and build environment track: #1210
  • Attestation flow including how/when to verify: #1169
  • VM and container differentiation: #1192

@marcelamelara marcelamelara merged commit cc81626 into slsa-framework:main Oct 21, 2024
@marcelamelara marcelamelara deleted the attested-build-env-track branch January 9, 2025 16:08
@adityasaky adityasaky mentioned this pull request Jan 15, 2025
Merged
lehors pushed a commit that referenced this pull request Jan 17, 2025
@marcelamelara
nonspec: Add Pavel to maintainers (#1271)
8941620 
Requesting to add @paveliak as a maintainer. He contributes as
co-shepherd of the attested build environment track, so being able to
manage issues and approve PRs in this track would be really helpful.

Relevant contributions to the track:
* PR review:
#1115 (review)
* PR review:
#1244 (review)
* Issue discussion: #1253
* Issue discussion: #1267
* Issue discussion: #1150

Signed-off-by: Marcela Melara <marcela.melara@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paveliak paveliak paveliak left review comments

@zachariahcox zachariahcox zachariahcox left review comments

@TomHennen TomHennen TomHennen approved these changes

@arewm arewm arewm approved these changes

@mlieberman85 mlieberman85 Awaiting requested review from mlieberman85

+4 more reviewers

@deeglaze deeglaze deeglaze left review comments

@haydentherapper haydentherapper haydentherapper left review comments

@kommendorkapten kommendorkapten kommendorkapten left review comments

@thirumalareddym thirumalareddym thirumalareddym left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@marcelamelara marcelamelara

Labels

build-environment-track Issues/PRs related to the SLSA BuildEnv track

Projects

Issue triage
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@marcelamelara @TomHennen @deeglaze @paveliak @haydentherapper @kommendorkapten @thirumalareddym @arewm @zachariahcox