You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Part of the reason we don't already do that is so that we can verify that everything in the provenance can be matched with equivalent values in the fulcio certificates of github actions provenances. And
When you Unmarshall in the typical way, unspecified fields are lost. Still, it's nicer to have a schema, and so we may be able to use json.RawMessage to preserve unspecified filds when Unmarshalling, so that we can still check the provenance for extra data.
The text was updated successfully, but these errors were encountered:
Similar to how the GCB provenances are fully parsed with a struct, we should do the same for Github Actions Provenances
slsa-verifier/verifiers/internal/gcb/provenance.go
Lines 25 to 26 in 9b5430f
Part of the reason we don't already do that is so that we can verify that everything in the provenance can be matched with equivalent values in the fulcio certificates of github actions provenances. And
When you Unmarshall in the typical way, unspecified fields are lost. Still, it's nicer to have a schema, and so we may be able to use json.RawMessage to preserve unspecified filds when Unmarshalling, so that we can still check the provenance for extra data.
The text was updated successfully, but these errors were encountered: