Skip to content

Add SLSA Source Provenance Attestation via slsa-source-corroborator#1210

Merged
spoorcc merged 1 commit into
mainfrom
slsa-source-provenance
May 16, 2026
Merged

Add SLSA Source Provenance Attestation via slsa-source-corroborator#1210
spoorcc merged 1 commit into
mainfrom
slsa-source-provenance

Conversation

@spoorcc
Copy link
Copy Markdown
Contributor

@spoorcc spoorcc commented May 16, 2026

Closes gap C-037. Publishes a Source Provenance Attestation (predicate type https://slsa.dev/source_provenance/v1) on every push to main via slsa-framework/slsa-source-corroborator, proving that branch protection, mandatory code review, and ancestry enforcement (C-038) were applied to each commit.

@spoorcc
Add SLSA Source Provenance Attestation via slsa-source-corroborator
ef58343 
Closes gap C-037. Publishes a Source Provenance Attestation
(predicate type https://slsa.dev/source_provenance/v1) on every push
to main via slsa-framework/slsa-source-corroborator, proving that
branch protection, mandatory code review, and ancestry enforcement
(C-038) were applied to each commit.
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 16, 2026

Warning

Rate limit exceeded

@spoorcc has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 29 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: eeeb87ec-00cc-4671-9292-1c2a9da8b574

📥 Commits

Reviewing files that changed from the base of the PR and between 2c73c25 and ef58343.

📒 Files selected for processing (4)
  • .github/workflows/source-provenance.yml
  • doc/explanation/threat_model_supply_chain.rst
  • doc/howto/verify-integrity.rst
  • security/tm_supply_chain.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch slsa-source-provenance

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@spoorcc spoorcc merged commit f02a228 into main May 16, 2026
36 checks passed
@spoorcc spoorcc deleted the slsa-source-provenance branch May 16, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@spoorcc