SLSA Build Provenance Action

Version updated for philips-labs/slsa-provenance-action to version v0.9.0.

  • This action is used across all versions by 0 repositories.

Go to the GitHub Marketplace to find the latest changes.

Release notes

Changelog

  • 3746bf21da78866632dea85cfd2cb90fcdfe3fd7: :arrow_up: Bump actions/cache from 3.0.4 to 3.0.5 (@dependabot[bot])
  • 310f33257a79566a610a08bf18880e87c38615e6: :arrow_up: Bump actions/cache from 3.0.5 to 3.0.6 (@dependabot[bot])
  • 7058b58e4164511374cca4b10ba0b9bdb3571513: :arrow_up: Bump actions/checkout from 3.0.2 to 3.1.0 (@dependabot[bot])
  • b2d766f9392b31045bce16a9a2eb67b8c1d43ee6: :arrow_up: Bump actions/checkout from 3.1.0 to 3.2.0 (@dependabot[bot])
  • 8670b4766a05f3c2672f5523f1a14db7893454f2: :arrow_up: Bump actions/checkout from 3.2.0 to 3.3.0 (@dependabot[bot])
  • d5c9345a1af6dbc4f8984fcc40cb7d3ca9f3d2e8: :arrow_up: Bump actions/checkout from 3.3.0 to 3.4.0 (@dependabot[bot])
  • a87ddb85d6cd559baa8909b509774ef05a834cd1: :arrow_up: Bump actions/checkout from 3.4.0 to 3.5.0 (@dependabot[bot])
  • 88a1a09d8e290f9631ed0f2724b8b32c7eff1bbb: :arrow_up: Bump actions/checkout from 3.5.0 to 3.5.3 (@dependabot[bot])
  • 0c00dd624b3f06c00fe49a623a969d88bb22cf52: :arrow_up: Bump actions/checkout from 3.5.3 to 3.6.0 (@dependabot[bot])
  • 56cf398ee05a80a11b88533b4114c5dceb129283: :arrow_up: Bump actions/checkout from 3.6.0 to 4.0.0 (@dependabot[bot])
  • d6faf430a8020f6c337195c0f2556fc61b3a1f43: :arrow_up: Bump actions/checkout from 4.0.0 to 4.1.0 (@dependabot[bot])
  • 5dfb6a6934fea890e64111769ce5d2cb8226f867: :arrow_up: Bump actions/checkout from 4.1.0 to 4.1.1 (@dependabot[bot])
  • 97f73bfd8bc805171bbf32f660e7beef44fe982f: :arrow_up: Bump actions/download-artifact from 3.0.0 to 3.0.1 (@dependabot[bot])
  • 0c57f5cfa35d2b207f532f78a29ccbfed73e6383: :arrow_up: Bump actions/download-artifact from 3.0.1 to 3.0.2 (@dependabot[bot])
  • ed7a5bd7ecfd88e44ed04dcf1f752eba72680b0c: :arrow_up: Bump actions/setup-go from 3.2.0 to 3.2.1 (@dependabot[bot])
  • eaff0a164e9613a1e03f31348c77600fb1b7c145: :arrow_up: Bump actions/setup-go from 3.2.1 to 3.3.0 (@dependabot[bot])
  • 3a09484a251f99573d698c698bf6bc3765fceed9: :arrow_up: Bump actions/setup-go from 3.3.0 to 3.3.1 (@dependabot[bot])
  • b9db5d5bde3eba33d217e3e11b3ebf2eeba43ae5: :arrow_up: Bump actions/setup-go from 3.3.1 to 3.4.0 (@dependabot[bot])
  • e27f4f2ef0409962e72c92b881bd7eb9867e5c4e: :arrow_up: Bump actions/setup-go from 3.4.0 to 3.5.0 (@dependabot[bot])
  • 62876c171167eabea7bbd08a7895bd4e5553dd01: :arrow_up: Bump actions/setup-go from 3.5.0 to 4.0.0 (@dependabot[bot])
  • 9631940278fe5047b8243bacca5203700dd381ad: :arrow_up: Bump actions/setup-go from 4.0.0 to 4.0.1 (@dependabot[bot])
  • 85046cc56f363272f51b6cebec034f8777298d66: :arrow_up: Bump actions/setup-go from 4.0.1 to 4.1.0 (@dependabot[bot])
  • cc7d74cef19835de03a461d56963177e327baa93: :arrow_up: Bump actions/setup-go from 4.1.0 to 5.0.0 (@dependabot[bot])
  • 08b4d8723a09a85210e27382f1649ba8744bd4d6: :arrow_up: Bump actions/upload-artifact from 3.1.0 to 3.1.1 (@dependabot[bot])
  • 70437b3b7091141c0a943120f02de4e4b39b6b94: :arrow_up: Bump actions/upload-artifact from 3.1.1 to 3.1.2 (@dependabot[bot])
  • f0c324d0472ba9707f97f7536777f77e0b25e51b: :arrow_up: Bump actions/upload-artifact from 3.1.2 to 3.1.3 (@dependabot[bot])
  • 35eca785b6ae94a819bd6a5ee87ef3b4aee8f060: :arrow_up: Bump anchore/sbom-action from 0.11.0 to 0.12.0 (@dependabot[bot])
  • fb57b1f9eb184759aa6e2a7db68dac920399510d: :arrow_up: Bump anchore/sbom-action from 0.12.0 to 0.13.0 (@dependabot[bot])
  • 194d93732f7102b3ca3b00c9e761d14c4416a1b2: :arrow_up: Bump anchore/sbom-action from 0.13.0 to 0.13.1 (@dependabot[bot])
  • adf3a8a3d8c4d1098dfcfdf40770662460886ea3: :arrow_up: Bump anchore/sbom-action from 0.13.1 to 0.13.3 (@dependabot[bot])
  • b9347b1c185a6eab587241bfb7f9984b38b17a4b: :arrow_up: Bump anchore/sbom-action from 0.13.3 to 0.13.4 (@dependabot[bot])
  • 4aaf6a12b6047b8d81af42eab6f691a16be21bea: :arrow_up: Bump anchore/sbom-action from 0.13.4 to 0.14.2 (@dependabot[bot])
  • f188a892c2ef5c366a2c23223d18db50176930b4: :arrow_up: Bump anchore/sbom-action from 0.14.2 to 0.14.3 (@dependabot[bot])
  • bf784fdd4c3244bf7e82d4bfbf275db67ce0806b: :arrow_up: Bump anchore/sbom-action from 0.14.3 to 0.15.0 (@dependabot[bot])
  • 8e383f891e95cb4aac270aa1cd7de301fd34219a: :arrow_up: Bump anchore/sbom-action from 0.15.0 to 0.15.1 (@dependabot[bot])
  • 0f36c5241670f3766a4564139399479a8df22624: :arrow_up: Bump codecov/codecov-action from 3.1.0 to 3.1.1 (@dependabot[bot])
  • bb600c5c8c3626e4529e52b390df9ced5c3888fa: :arrow_up: Bump codecov/codecov-action from 3.1.1 to 3.1.2 (@dependabot[bot])
  • b86f4e94a0910186007f8a1133c3e3361c839442: :arrow_up: Bump codecov/codecov-action from 3.1.2 to 3.1.3 (@dependabot[bot])
  • 450643d08b239ba1516fb641b3bb7746a3310a77: :arrow_up: Bump codecov/codecov-action from 3.1.3 to 3.1.4 (@dependabot[bot])
  • e4305e8e4dd7c200089635c0cd0a01d9f396ad2c: :arrow_up: Bump github.com/docker/distribution (@dependabot[bot])
  • 37037a07a9316d7d379b3c7574f50e1f43d088b8: :arrow_up: Bump github.com/docker/docker (@dependabot[bot])
  • 2efd2ab38155cb9e67d0cdb5c4abf1e3ac429b25: :arrow_up: Bump github.com/docker/docker (@dependabot[bot])
  • ad774173fab4dc2a557c0dd67e8de11d992b6f88: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • 333da6adcbe034c915b47268a4ddf700146278f7: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • e7ae6b39fd234ce907ce62a458c7dab8ada59983: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • 1606b5682605ae6249914acd62bc75de95d29443: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • 9c4d5ab702d6e9f5a9e8a8bf90a85716645b6932: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • 3df408f9362f813e33c9a74f13d22b452e3e7107: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • 710ccc96e3ee3b7e46428a28bbb629e380f6ef6c: :arrow_up: Bump github.com/google/go-containerregistry (@dependabot[bot])
  • 9b01beb55cb50de223323d168e6690f1379353e3: :arrow_up: Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (@dependabot[bot])
  • 69bbe787e5d07547c5f8cd3641e1c3f8e11a6a73: :arrow_up: Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (@dependabot[bot])
  • c40a44421493d03955917554d6e5e85c72a547db: :arrow_up: Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 (@dependabot[bot])
  • 7f470e30bd63e0030a8bbd369d2f05aa8e75f059: :arrow_up: Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (@dependabot[bot])
  • e31a5ddca63261ce8562fd870e50ab3f201d3532: :arrow_up: Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (@dependabot[bot])
  • 2af308fac7188055d87144823aad0c6b9471e0a6: :arrow_up: Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 (@dependabot[bot])
  • 68bfd44240ec61e0d5d6057ddb1476db16a7bdba: :arrow_up: Bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (@dependabot[bot])
  • d88be0a71d43671bc75fdd739e35fc6eb15eac71: :arrow_up: Bump golang.org/x/crypto (@dependabot[bot])
  • 38052759b1ac2f33e5e68836019e0527d6208dab: :arrow_up: Bump golang.org/x/net from 0.16.0 to 0.17.0 (@dependabot[bot])
  • 66d28a26e8871f21c2f72c5bfe699d6448517e9b: :arrow_up: Bump golang.org/x/net from 0.5.0 to 0.7.0 (@dependabot[bot])
  • 8a5fd513dc1283917701b57fd7136747b590f8be: :arrow_up: Bump golang.org/x/oauth2 from 0.1.0 to 0.2.0 (@dependabot[bot])
  • a7de8939bf4d78b8a8d0c2023004538b28809f0b: :arrow_up: Bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 (@dependabot[bot])
  • b8e8907d5732be6924617441a2a618ca409bb11b: :arrow_up: Bump golang.org/x/oauth2 from 0.12.0 to 0.13.0 (@dependabot[bot])
  • 4a1cc02647704471729474088351876d141bafb1: :arrow_up: Bump golang.org/x/oauth2 from 0.13.0 to 0.14.0 (@dependabot[bot])
  • 0ddf5abf91a01b403e7e20f9ea2043c342283bcd: :arrow_up: Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (@dependabot[bot])
  • 5c27f90021d79051ed935295246e0e70eb3157f1: :arrow_up: Bump golang.org/x/oauth2 from 0.2.0 to 0.3.0 (@dependabot[bot])
  • f68f40be23a0352ff934f6cef6524608e2c568d9: :arrow_up: Bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 (@dependabot[bot])
  • 3fbb2bc99d08ecf4f8d83866d712d327640110eb: :arrow_up: Bump golang.org/x/oauth2 from 0.7.0 to 0.8.0 (@dependabot[bot])
  • b8dcebae24d40d1e16098bae403b01adbddf9974: :arrow_up: Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (@dependabot[bot])
  • 7a20e22a231526cdeb6a28c20e7ce7a36656797f: :arrow_up: Bump golang.org/x/oauth2 from 0.9.0 to 0.11.0 (@dependabot[bot])
  • 903776fb627e1fe1398aaad7ac9eb4dd35cf6dda: :arrow_up: Bump goreleaser/goreleaser-action from 3 to 4 (@dependabot[bot])
  • e25e2f0a1af43aecb67005fae2d0d0421143bf33: :arrow_up: Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (@dependabot[bot])
  • 6d2d381e93847f100e2606a888d64b60922157d2: :arrow_up: Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (@dependabot[bot])
  • 97f7199eba6b13ee8c2c860e5e3b239c2eacaeee: :arrow_up: Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (@dependabot[bot])
  • c6603efab16fe3c90e73af95d8279ae18bf4825a: :arrow_up: Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (@dependabot[bot])
  • b3eabdf59051391e3906a4aa772d2f73ea42a950: :arrow_up: Bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (@dependabot[bot])
  • f450c792bd1e1d4ddcb5363f02f0b1761c922204: :arrow_up: Bump philips-labs/slsa-provenance-action from 0.7.2 to 0.8.0 (@dependabot[bot])
  • e5f2562c0e17b815d64df5fa4ee0ef479f24d0d7: :arrow_up: Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 (@dependabot[bot])
  • 7a7a210d6e087ed1433b5f60fdf38ce18b69d941: :arrow_up: Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (@dependabot[bot])
  • 4f18ebf3d84eef9331a4646c05361b9234ae62d6: :arrow_up: Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (@dependabot[bot])
  • 79f00526dd93247d0c386259df26029b6d952492: :arrow_up: Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (@dependabot[bot])
  • 32de026da011a0d618d91cdcaf4373ae76191f7d: :arrow_up: Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (@dependabot[bot])
  • 5c7e26909f7f0b9ca74883eb1f1f75c14de86f59: :arrow_up: Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (@dependabot[bot])
  • cb07346716bd7a8a43be7c433c8ffef26b267a93: :arrow_up: Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (@dependabot[bot])
  • f93593c4e55e5c98eb58a1dc68724e2b3fecd552: :arrow_up: Bump sigstore/cosign-installer from 2.8.1 to 3.0.1 (#244) (@dependabot[bot])
  • 03d38a0817c3795c97158af1224a9dacf385f27d: :arrow_up: Bump sigstore/cosign-installer from 3.0.1 to 3.0.5 (@dependabot[bot])
  • 16a9e61d459a11256d43842eb5b94607a7494902: :arrow_up: Bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#275) (@dependabot[bot])
  • 7daa4591f63a3620d43273a3116c8df06f6ea10c: :arrow_up: Bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#277) (@dependabot[bot])
  • 5be1122a5af48f4bec4b68633fd51a05ce4e809d: :arrow_up: Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 (#284) (@dependabot[bot])
  • c0615c35c9d4995609f15ac79b442b95c3a5f991: :arrow_up: Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (@dependabot[bot])
  • 25097a879c24e6967a31e960f24a7e4eb7b50bc0: Add Actionpath and Job to Entrypoint (@JeroenKnoops)
  • c476f35c0aab16e8de859c7d5622aa96d1963f6e: Bump cosign from 1.10.0 to 1.11.1 (@marcofranssen)
  • 1706f4261af593d4a045ead40a1b470fbe917192: Bump cosign from 1.11.1 to 1.12.1 (@marcofranssen)
  • a05796cb4e40f13e930c837974865c069fcb1f9a: Bump cosign from 1.12.1 to 1.13.0 (@marcofranssen)
  • 906a9f77a4ff75c174ab6adab8b5389ff2c4e1e2: Bump cosign from v1.13.0 to v1.13.1 (@marcofranssen)
  • ad8dff96c057b2b7b07764f795459175fc7d1b5e: Bump cosign to v1.10.0 (@marcofranssen)
  • 91bc25fbc621e3938895c6a5bf25a4257c97de6f: Bump cosign to v2.2.1 (@marcofranssen)
  • c209f4ea5406e8cbf7c05c1dad0110f0cd3fca96: Bump go to 1.21 (@marcofranssen)
  • a701cedd6b7ebc932cca034bebd772eb6b847fd7: Confirm prompt cosign (@marcofranssen)
  • c545fca0f8c43922373db9f93c013e2c6d466d6f: Fix CI by configuring permissions in workflow (@marcofranssen)
  • 52ed3f7e36a5dccdffffb2020df645c48104018d: Fix cosign + add keyless signatures (@marcofranssen)
  • 45e55a0df616a2d48e7e88e863f097aa41f46118: Fix documentation linting issue (@marcofranssen)
  • eb2a740174ff84e3eeb5c77530dbeaac18a9fe30: Fix goreleaser deprecations (@marcofranssen)
  • 73124e571366438de8dffd3fb487af348c635e30: Fix multiple docker signs (@marcofranssen)
  • 778859edede6e20c9f79d7f2da6279217e4f678d: Fix release workflow permissions (@marcofranssen)
  • 6b2fd198d38ba72fb3cc08fbc52da2ebaef2efad: Fix test (@marcofranssen)
  • 68d75e43670517007af0bbba8c83eadd06f216cf: Fix tests for releases (@marcofranssen)
  • 3de20517e49a35ded15f9a93a576a7595d4e3ad7: Improve workflow security by not writing the private key to a file (@marcofranssen)
  • 07326900d7db97ad54b9e6e5259c56c8416a3345: Pin GH actions (@marcofranssen)
  • 74d71ed281014f47630f5dd5e855520a134bf276: Refactor some duplication in tests (@marcofranssen)
  • b7483c6a2febd27b0e0f96e9b0d34bd793015a55: Remove job part in entrypoint. (@JeroenKnoops)
  • 0b6993f1e33f4d96e9dd91790d4c5a899cc166c2: Replace deprecated set-output (@marcofranssen)
  • 9cf5a6a871e9545ee577285e7c26b5214102e205: Resolve goreleaser deprecation warning (@marcofranssen)
  • 987024a83d6df8073a68eb87472fd9946ab806a1: Update ListReleases test (@marcofranssen)
  • 4d30d906eaeafa9dbc6f1004a1844e2b73453e59: Update Makefile (@jkremser)
  • 28d96d79baec7a41f3a5576716131c2246c3490f: Use caching builtin setup-go action (@marcofranssen)
  • 4d344a2452fd6f38855ba5e170c5433cf9562082: fix: replace deprecated set-output with GITHUB_OUTPUT (@ckotzbauer)

Full Changelog: https://github.com/philips-labs/slsa-provenance-action/compare/v0.8.0...v0.9.0