Skip to content

BCID & SLSA #197

New issue
New issue
Open
Open
BCID & SLSA#197
@djhedges

Description

@djhedges
djhedges
opened on Aug 14, 2024

GCP documentation points to SLSA (https://slsa.dev) for verifying build provenance which is akin to BCID.
https://cloud.google.com/build/docs/securing-builds/generate-validate-build-provenance#validate_provenance_using_the_slsa_verifier

There are also Google Security blog posts tagged with BCID & GOSST (Google's Open Source Security Upstream Team).
https://security.googleblog.com/2022/04/how-to-slsa-part-1-basics.html
https://security.googleblog.com/2022/04/how-to-slsa-part-2-details.html
https://security.googleblog.com/2022/04/how-to-slsa-part-3-putting-it-all.html

I'm not sure what category this would belong under? DevOps maybe along side blaze?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions