Skip to content

chore: refactor provenance level 3 check into analysis #817

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 23 commits into from
Mar 11, 2025
Merged

chore: refactor provenance level 3 check into analysis #817

merged 23 commits into from
Mar 11, 2025

Conversation

benmss
Copy link
Member

@benmss benmss commented Aug 7, 2024
edited
Loading

This PR refactors the provenance level 3 check so that its logic takes place as part of the analysis, and the results of which are stored in the database along with the provenance itself. This check then only needs to read from the analysis context to report the results.

To better separate provenance related logic from the Repo / Commit Finder, provenance scripts are moved to a new sub module.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Aug 7, 2024
@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch from 0618836 to 4190dab Compare August 7, 2024 07:27
@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch from 4190dab to c0e88a4 Compare August 15, 2024 03:40
@benmss benmss marked this pull request as ready for review August 15, 2024 04:57
@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch 2 times, most recently from 4eafea1 to e00f779 Compare January 14, 2025 02:46
@benmss benmss marked this pull request as draft January 16, 2025 03:55
@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch 3 times, most recently from 24a9fc8 to b4e0944 Compare January 23, 2025 07:04
@benmss benmss marked this pull request as ready for review January 27, 2025 23:47
@behnazh-w behnazh-w requested a review from nicallen February 3, 2025 03:21
@benmss benmss mentioned this pull request Feb 3, 2025
Open
@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch from 4689b11 to 2786fb3 Compare February 14, 2025 06:54
@behnazh-w
Copy link
Member

behnazh-w commented Mar 7, 2025
edited
Loading

@benmss Please add the new verify-provenance cmd line option to the documentation (docs/source/pages/cli_usage/index.rst) and make sure the tutorials and documentation pages that require provenance verification are also updated.

@behnazh-w
Copy link
Member

For some reason the tests/integration/cases/ossf_scorecard/test.yaml and tests/integration/cases/micronaut-projects_micronaut-test/test.yaml tests, which verify the provenances, do not include --verify-provenance but still pass.

@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch from 1ad1715 to 9718aa7 Compare March 10, 2025 02:39
benmss added 22 commits March 11, 2025 14:38
@benmss
chore: add docs
6f1f4d9 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: minor fix
e446b9b 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: add SLSA version value to Provenance table
08eb999 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: minor fix
f054ef8 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: account for witness provenance
ce5dc16 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: pylint
a2d54d4 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: store provenance as String type
6a114b4 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: use build type function; remove old slsa verifier check
a1e56a6 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: update comments
9ff8a50 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: silence bugged pylint check with comment
c1d47d1 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: remove pylint check suppression
9af137a 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: rename inferred provenance
8cc0348 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: make provenance verification flag a command line option and di…
29b4d70 
…sable by default

Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: minor fix
6d00430 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: add new verify provenance command to integration tests
dc35afc 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: prevent l3 verify with command option, and update relevant tests
a72ac05 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: update docs and tutorial
54c1c20 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: replace l3 check with provenance verify and slsa level 3 in po…
5ae92f0 
…licies

Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: finish removing provenance level 3 check
a7cbda8 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: remove references to removed check
963b783 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: remove check from docs
e4890ce 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss
chore: address PR feedback
864dfac 
Signed-off-by: Ben Selwyn-Smith <[email protected]>
@benmss benmss force-pushed the benmss/refactor-provenance-level-3 branch from 8178a1d to 864dfac Compare March 11, 2025 04:39
@benmss benmss merged commit 0a81f5e into staging Mar 11, 2025
9 checks passed
@benmss benmss deleted the benmss/refactor-provenance-level-3 branch April 8, 2025 00:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tromai tromai tromai left review comments

@nicallen nicallen nicallen approved these changes

@behnazh-w behnazh-w behnazh-w approved these changes

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@benmss @behnazh-w @nicallen @tromai