\u0644\u0637\u0627\u0644\u0645\u0627 \u0643\u0627\u0646 \u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u0643\u0648\u062f \u0631\u0643\u064a\u0632\u0629 \u0623\u0633\u0627\u0633\u064a\u0629 \u0641\u064a \u0623\u0645\u0646 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a. \u0639\u0646\u062f\u0645\u0627 \u062a\u062a\u062d\u0642\u0642 \u0645\u0646 \u062a\u0648\u0642\u064a\u0639 \u0645\u0627\u060c \u062a\u0639\u0631\u0641 \u0645\u0646<\/em> \u0648\u0642\u0651\u0639 \u0639\u0644\u0649 \u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629. \u0644\u0643\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u0648\u0642\u0651\u0639 \u0639\u0644\u0649 \u0634\u064a\u0621 \u0645\u0627 \u0644\u0627 \u062a\u062e\u0628\u0631\u0643 \u0643\u064a\u0641<\/em> \u062a\u0645 \u0628\u0646\u0627\u0624\u0647\u060c \u0623\u0648 \u0623\u064a\u0646<\/em> \u062a\u0645 \u0628\u0646\u0627\u0624\u0647\u060c \u0623\u0648 \u0645\u0627 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0635\u062f\u0631\u064a<\/em> \u0627\u0644\u0630\u064a \u062f\u062e\u0644 \u0641\u064a\u0647. \u064a\u0645\u0643\u0646 \u0644\u0645\u0634\u0631\u0641 \u0623\u0646 \u064a\u0648\u0642\u0651\u0639 \u0645\u0644\u0641\u064b\u0627 \u062b\u0646\u0627\u0626\u064a\u064b\u0627 \u062a\u0645 \u062a\u062c\u0645\u064a\u0639\u0647 \u0639\u0644\u0649 \u062d\u0627\u0633\u0648\u0628 \u0645\u062d\u0645\u0648\u0644 \u0645\u062e\u062a\u0631\u0642 \u0645\u0639 \u062d\u0642\u0646 \u062a\u0628\u0639\u064a\u0627\u062a \u062e\u0628\u064a\u062b\u0629 \u2014 \u0648\u0633\u064a\u0638\u0644 \u0627\u0644\u062a\u0648\u0642\u064a\u0639 \u0635\u0627\u0644\u062d\u064b\u0627 \u062a\u0645\u0627\u0645\u064b\u0627.<\/p>\n \u0647\u0630\u0647 \u0647\u064a \u0627\u0644\u0641\u062c\u0648\u0629 \u0627\u0644\u062a\u064a \u064a\u0633\u062f\u0647\u0627 \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0627\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 (artifact provenance)<\/strong>. \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0647\u0648 \u0633\u062c\u0644 \u0642\u0627\u0628\u0644 \u0644\u0644\u062a\u062d\u0642\u0642 \u064a\u0648\u0636\u062d \u0643\u064a\u0641 \u062a\u0645 \u0625\u0646\u062a\u0627\u062c \u0642\u0637\u0639\u0629 \u0628\u0631\u0645\u062c\u064a\u0629. \u064a\u0644\u062a\u0642\u0637 \u0645\u0646\u0635\u0629 \u0627\u0644\u0628\u0646\u0627\u0621\u060c \u0648\u0645\u0633\u062a\u0648\u062f\u0639 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0635\u062f\u0631\u064a\u060c \u0648\u0646\u0642\u0637\u0629 \u0627\u0644\u062f\u062e\u0648\u0644\u060c \u0648\u0645\u0639\u0627\u0645\u0644\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621\u060c \u0648\u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0629. \u0628\u0627\u0644\u0627\u0642\u062a\u0631\u0627\u0646 \u0645\u0639 \u0627\u0644\u062a\u0648\u0642\u064a\u0639\u0627\u062a\u060c \u064a\u0645\u0646\u062d \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0627\u0644\u0645\u0633\u062a\u0647\u0644\u0643\u064a\u0646 \u0635\u0648\u0631\u0629 \u0643\u0627\u0645\u0644\u0629: \u0644\u064a\u0633 \u0641\u0642\u0637 “\u0645\u0646 \u064a\u0636\u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629”\u060c \u0628\u0644 “\u0645\u0627 \u0627\u0644\u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062a\u064a \u0623\u0646\u0634\u0623\u062a\u0647\u0627 \u0641\u0639\u0644\u0627\u064b”.<\/p>\n \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u062f\u0644\u064a\u0644\u060c \u0633\u0646\u0633\u062a\u0643\u0634\u0641 \u0623\u0647\u0645 \u0625\u0637\u0627\u0631\u064a\u0646 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0645\u062c\u0627\u0644 \u2014 SLSA<\/strong> (Supply-chain Levels for Software Artifacts) \u0648in-toto<\/strong> \u2014 \u0648\u0633\u0646\u0645\u0631 \u0639\u0628\u0631 \u0627\u0644\u062a\u0637\u0628\u064a\u0642 \u0627\u0644\u0639\u0645\u0644\u064a \u0641\u064a \u0623\u0646\u0627\u0628\u064a\u0628 CI\/CD \u0627\u0644\u062d\u062f\u064a\u062b\u0629. \u0633\u0648\u0627\u0621 \u0643\u0646\u062a \u0645\u0647\u0646\u062f\u0633 \u0645\u0646\u0635\u0627\u062a \u062a\u0639\u0645\u0644 \u0639\u0644\u0649 \u062a\u0623\u0645\u064a\u0646 \u0628\u0646\u064a\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u062a\u062d\u062a\u064a\u0629 \u0623\u0648 \u0645\u0637\u0648\u0631\u064b\u0627 \u064a\u062d\u0627\u0648\u0644 \u0641\u0647\u0645 \u0645\u0627 \u064a\u062a\u0637\u0644\u0628\u0647 SLSA Level 3 \u0641\u0639\u0644\u0627\u064b\u060c \u0633\u062a\u0645\u0646\u062d\u0643 \u0647\u0630\u0647 \u0627\u0644\u0645\u0642\u0627\u0644\u0629 \u0627\u0644\u0639\u0645\u0642 \u0627\u0644\u062a\u0642\u0646\u064a \u0627\u0644\u0630\u064a \u062a\u062d\u062a\u0627\u062c\u0647.<\/p>\n \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0627\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 (artifact provenance) \u0647\u0648 \u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0635\u0641\u064a\u0629 \u062a\u0635\u0641 \u0623\u0635\u0644 \u0648\u0639\u0645\u0644\u064a\u0629 \u0628\u0646\u0627\u0621 \u0642\u0637\u0639\u0629 \u0628\u0631\u0645\u062c\u064a\u0629. \u0641\u0643\u0631 \u0641\u064a\u0647 \u0643\u0625\u064a\u0635\u0627\u0644 \u0628\u0646\u0627\u0621: \u0645\u0633\u062a\u0646\u062f \u0645\u0646\u0638\u0645 \u0648\u0645\u0648\u0642\u0651\u0639 \u064a\u062c\u064a\u0628 \u0639\u0644\u0649 \u062b\u0644\u0627\u062b\u0629 \u0623\u0633\u0626\u0644\u0629 \u062c\u0648\u0647\u0631\u064a\u0629:<\/p>\n \u0627\u0644\u062a\u0648\u0642\u064a\u0639\u0627\u062a \u0648\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0645\u062a\u0643\u0627\u0645\u0644\u0627\u0646 \u0644\u0643\u0646\u0647\u0645\u0627 \u064a\u062e\u062f\u0645\u0627\u0646 \u0623\u063a\u0631\u0627\u0636\u064b\u0627 \u0645\u062e\u062a\u0644\u0641\u0629:<\/p>\n \u0623\u0646\u062a \u0628\u062d\u0627\u062c\u0629 \u0625\u0644\u0649 \u0643\u0644\u064a\u0647\u0645\u0627. \u0627\u0644\u062a\u0648\u0642\u064a\u0639 \u0628\u062f\u0648\u0646 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0647\u0648 \u0645\u062c\u0631\u062f \u0639\u0628\u0627\u0631\u0629 “\u062b\u0642 \u0628\u064a”. \u0648\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0628\u062f\u0648\u0646 \u062a\u0648\u0642\u064a\u0639 \u0647\u0648 \u0627\u062f\u0639\u0627\u0621 \u063a\u064a\u0631 \u0645\u0648\u062b\u0642. \u0645\u0639\u064b\u0627\u060c \u064a\u0648\u0641\u0631\u0627\u0646 \u062f\u0644\u064a\u0644\u064b\u0627 \u0639\u0644\u0649 \u0639\u062f\u0645 \u0627\u0644\u0639\u0628\u062b\u060c \u0648\u0642\u0627\u0628\u0644\u064a\u0629 \u0627\u0644\u062a\u062f\u0642\u064a\u0642\u060c \u0648\u0623\u0633\u0627\u0633\u064b\u0627 \u0644\u0625\u0646\u0641\u0627\u0630 \u0627\u0644\u0633\u064a\u0627\u0633\u0627\u062a \u0622\u0644\u064a\u064b\u0627.<\/p>\n \u064a\u0639\u0627\u0644\u062c \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0639\u062f\u0629 \u0645\u062e\u0627\u0637\u0631 \u062d\u0631\u062c\u0629 \u0641\u064a \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f:<\/p>\n SLSA<\/strong> (\u064a\u064f\u0646\u0637\u0642 “\u0633\u0627\u0644\u0633\u0627”) \u0647\u0648 \u0625\u0637\u0627\u0631 \u0623\u0645\u0646\u064a \u0637\u064f\u0648\u0651\u0631 \u0641\u064a \u0627\u0644\u0623\u0635\u0644 \u0641\u064a Google \u0648\u064a\u064f\u062f\u0627\u0631 \u062d\u0627\u0644\u064a\u064b\u0627 \u0628\u0648\u0627\u0633\u0637\u0629 OpenSSF. \u064a\u062d\u062f\u062f \u0646\u0645\u0648\u0630\u062c \u0646\u0636\u062c \u0644\u0623\u0645\u0646 \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f\u060c \u0645\u0639 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u064a \u062c\u0648\u0647\u0631\u0647. \u0644\u0627 \u064a\u0641\u0631\u0636 SLSA \u0623\u062f\u0648\u0627\u062a \u0645\u062d\u062f\u062f\u0629 \u2014 \u0628\u0644 \u064a\u062d\u062f\u062f \u0645\u062a\u0637\u0644\u0628\u0627\u062a<\/em> \u064a\u062c\u0628 \u0623\u0646 \u062a\u0644\u0628\u064a\u0647\u0627 \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0648\u0627\u0644\u0645\u0646\u0635\u0627\u062a.<\/p>\n \u064a\u0635\u0645\u0645 SLSA \u0633\u0644\u0633\u0644\u0629 \u062a\u0648\u0631\u064a\u062f \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0643\u0623\u0646\u0628\u0648\u0628 \u0628\u0633\u064a\u0637:<\/p>\n \u0627\u0644\u0645\u0635\u062f\u0631 \u2190 \u0645\u0646\u0635\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u2190 \u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629<\/strong><\/p>\n \u0644\u0643\u0644 \u0645\u0631\u062d\u0644\u0629 \u062a\u0647\u062f\u064a\u062f\u0627\u062a \u0645\u0645\u064a\u0632\u0629. \u064a\u0645\u0643\u0646 \u0627\u0644\u0639\u0628\u062b \u0628\u0627\u0644\u0645\u0635\u062f\u0631 (commits \u062e\u0628\u064a\u062b\u0629\u060c \u0627\u062e\u062a\u0631\u0627\u0642 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0625\u0635\u062f\u0627\u0631\u0627\u062a). \u064a\u0645\u0643\u0646 \u0627\u062e\u062a\u0631\u0627\u0642 \u0645\u0646\u0635\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 (\u062a\u0639\u062f\u064a\u0644 \u0633\u0643\u0631\u0628\u062a\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621\u060c \u062d\u0642\u0646 \u062a\u0628\u0639\u064a\u0627\u062a). \u064a\u0645\u0643\u0646 \u0627\u0644\u0639\u0628\u062b \u0628\u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0628\u0639\u062f \u0627\u0644\u0628\u0646\u0627\u0621 (\u062a\u0633\u0645\u064a\u0645 \u0627\u0644\u0633\u062c\u0644\u060c \u0647\u062c\u0648\u0645 \u0627\u0644\u0648\u0633\u064a\u0637). \u064a\u0639\u0627\u0644\u062c SLSA \u0643\u0644\u064b\u0627 \u0645\u0646 \u0647\u0630\u0647 \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u0627\u062a \u0645\u0646 \u062e\u0644\u0627\u0644 \u0645\u062a\u0637\u0644\u0628\u0627\u062a \u0635\u0627\u0631\u0645\u0629 \u0628\u0634\u0643\u0644 \u0645\u062a\u0632\u0627\u064a\u062f \u0639\u0646\u062f \u0643\u0644 \u0645\u0633\u062a\u0648\u0649.<\/p>\n \u064a\u062d\u062f\u062f SLSA v1.0 \u0623\u0631\u0628\u0639\u0629 \u0645\u0633\u062a\u0648\u064a\u0627\u062a \u0628\u0646\u0627\u0621\u060c \u0643\u0644 \u0645\u0646\u0647\u0627 \u064a\u0628\u0646\u064a \u0639\u0644\u0649 \u0627\u0644\u0633\u0627\u0628\u0642:<\/p>\n \u064a\u062d\u062f\u062f SLSA \u062a\u0646\u0633\u064a\u0642 \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0645\u062d\u062f\u062f \u064a\u062c\u0628 \u0623\u0646 \u064a\u062a\u0636\u0645\u0646:<\/p>\n \u064a\u064f\u0639\u0628\u064e\u0651\u0631 \u0639\u0646 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0647\u0630\u0627 \u0643\u0645\u0633\u062a\u0646\u062f JSON \u0645\u0646\u0638\u0645\u060c \u0648\u062a\u062d\u062f\u064a\u062f\u064b\u0627 \u0643\u0640 in-toto attestation<\/strong> \u2014 \u0645\u0645\u0627 \u064a\u0642\u0648\u062f\u0646\u0627 \u0625\u0644\u0649 \u0627\u0644\u0642\u0633\u0645 \u0627\u0644\u062a\u0627\u0644\u064a.<\/p>\n in-toto<\/strong> \u0647\u0648 \u0625\u0637\u0627\u0631 \u0639\u0645\u0644 \u0644\u062a\u0623\u0645\u064a\u0646 \u0633\u0644\u0627\u0633\u0644 \u062a\u0648\u0631\u064a\u062f \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a \u0645\u0646 \u062e\u0644\u0627\u0644 \u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0635\u0641\u064a\u0629 \u0645\u0648\u0642\u0651\u0639\u0629 \u062a\u0634\u0641\u064a\u0631\u064a\u064b\u0627. \u0628\u064a\u0646\u0645\u0627 \u064a\u062d\u062f\u062f SLSA \u0645\u0627<\/em> \u064a\u062c\u0628 \u0623\u0646 \u064a\u062d\u062a\u0648\u064a\u0647 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0623\u064a \u0645\u0633\u062a\u0648\u0649 \u0623\u0645\u0646\u064a<\/em> \u064a\u0648\u0641\u0631\u0647\u060c \u064a\u062d\u062f\u062f in-toto \u062a\u0646\u0633\u064a\u0642 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0622\u0644\u064a\u0629 \u0627\u0644\u062a\u0648\u0642\u064a\u0639<\/em> \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0629 \u0644\u062a\u0645\u062b\u064a\u0644 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647.<\/p>\n \u0641\u064a \u0646\u0645\u0648\u0630\u062c in-toto \u0627\u0644\u0623\u0635\u0644\u064a\u060c \u064a\u064f\u0648\u0635\u0641 \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f \u0628\u0646\u0648\u0639\u064a\u0646 \u0645\u0646 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629:<\/p>\n \u0647\u0630\u0627 \u0627\u0644\u0646\u0645\u0648\u0630\u062c \u0642\u0648\u064a \u0644\u0633\u0644\u0627\u0633\u0644 \u0627\u0644\u062a\u0648\u0631\u064a\u062f \u0645\u062a\u0639\u062f\u062f\u0629 \u0627\u0644\u062e\u0637\u0648\u0627\u062a \u062d\u064a\u062b \u062a\u062d\u062a\u0627\u062c \u0625\u0644\u0649 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0623\u0646 \u0627\u0644\u062e\u0637\u0648\u0629 A \u0623\u0646\u062a\u062c\u062a \u0627\u0644\u0645\u062e\u0631\u062c X\u060c \u0627\u0644\u0630\u064a \u0627\u0633\u062a\u064f\u0647\u0644\u0643 \u0628\u0639\u062f \u0630\u0644\u0643 \u0628\u0648\u0627\u0633\u0637\u0629 \u0627\u0644\u062e\u0637\u0648\u0629 B \u0644\u0625\u0646\u062a\u0627\u062c \u0627\u0644\u0645\u062e\u0631\u062c Y\u060c \u0645\u0639 \u062a\u0646\u0641\u064a\u0630 \u0643\u0644 \u062e\u0637\u0648\u0629 \u0628\u0648\u0627\u0633\u0637\u0629 \u0641\u0627\u0639\u0644 \u0645\u062e\u0648\u0651\u0644.<\/p>\n \u064a\u064f\u0639\u0645\u0651\u0645 \u062a\u0646\u0633\u064a\u0642 \u0634\u0647\u0627\u062f\u0627\u062a in-toto \u0627\u0644\u062d\u062f\u064a\u062b (ITE-6) \u0627\u0644\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0623\u0635\u0644\u064a \u0625\u0644\u0649 \u0625\u0637\u0627\u0631 \u0645\u0631\u0646 \u0648\u0642\u0627\u0628\u0644 \u0644\u0644\u062a\u0648\u0633\u064a\u0639. \u062a\u062a\u0643\u0648\u0646 \u0627\u0644\u0634\u0647\u0627\u062f\u0629 \u0645\u0646 \u062b\u0644\u0627\u062b \u0637\u0628\u0642\u0627\u062a:<\/p>\n 1. Statement:<\/strong> \u0627\u0644\u063a\u0644\u0627\u0641 \u0627\u0644\u062e\u0627\u0631\u062c\u064a \u0627\u0644\u0630\u064a \u064a\u0631\u0628\u0637 predicate \u0628\u0645\u0648\u0636\u0648\u0639 \u0648\u0627\u062d\u062f \u0623\u0648 \u0623\u0643\u062b\u0631.<\/p>\n 2. Predicate:<\/strong> \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0627\u0644\u0641\u0639\u0644\u064a\u0629 \u062d\u0648\u0644 \u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629. \u062a\u062e\u062f\u0645 \u0623\u0646\u0648\u0627\u0639 predicate \u0627\u0644\u0645\u062e\u062a\u0644\u0641\u0629 \u0623\u063a\u0631\u0627\u0636\u064b\u0627 \u0645\u062e\u062a\u0644\u0641\u0629:<\/p>\n 3. Subject:<\/strong> \u0645\u0631\u062c\u0639 \u0648\u0627\u062d\u062f \u0623\u0648 \u0623\u0643\u062b\u0631 \u0644\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629\u060c \u0643\u0644 \u0645\u0646\u0647\u0627 \u0645\u062d\u062f\u062f \u0628\u0627\u0633\u0645 \u0648\u0645\u062c\u0645\u0648\u0639\u0629 \u0645\u0646 \u0627\u0644\u0628\u0635\u0645\u0627\u062a \u0627\u0644\u062a\u0634\u0641\u064a\u0631\u064a\u0629. \u0647\u0630\u0627 \u064a\u0631\u0628\u0637 predicate \u0628\u0642\u0637\u0639 \u0628\u0631\u0645\u062c\u064a\u0629 \u0645\u062d\u062f\u062f\u0629.<\/p>\n \u062a\u064f\u063a\u0644\u064e\u0651\u0641 \u0634\u0647\u0627\u062f\u0627\u062a in-toto \u0641\u064a DSSE<\/strong> (Dead Simple Signing Envelope) \u0644\u0644\u062a\u0648\u0642\u064a\u0639. \u064a\u062d\u0644 DSSE \u0639\u062f\u0629 \u0645\u0634\u0627\u0643\u0644 \u0641\u064a \u0623\u0633\u0627\u0644\u064a\u0628 \u0627\u0644\u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u0633\u0627\u0628\u0642\u0629:<\/p>\n \u064a\u0648\u0642\u0651\u0639 DSSE \u0639\u0644\u0649 \u0646\u0648\u0639 \u0627\u0644\u062d\u0645\u0648\u0644\u0629 \u0648\u0627\u0644\u062d\u0645\u0648\u0644\u0629 \u0645\u0639\u064b\u0627 (\u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 PAE \u2014 Pre-Authentication Encoding)\u060c \u0645\u0645\u0627 \u064a\u0645\u0646\u0639 \u0647\u062c\u0645\u0627\u062a \u0627\u0644\u0627\u0644\u062a\u0628\u0627\u0633 \u062d\u064a\u062b \u064a\u064f\u0639\u0627\u062f \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0648\u0642\u064a\u0639 \u0644\u0646\u0648\u0639 \u062d\u0645\u0648\u0644\u0629 \u0641\u064a \u0646\u0648\u0639 \u0622\u062e\u0631. \u064a\u062f\u0639\u0645 \u062a\u0648\u0642\u064a\u0639\u0627\u062a \u0645\u062a\u0639\u062f\u062f\u0629\u060c \u0645\u0645\u0627 \u064a\u062a\u064a\u062d \u0633\u064a\u0646\u0627\u0631\u064a\u0648\u0647\u0627\u062a \u0627\u0644\u062a\u0648\u0642\u064a\u0639 \u0645\u062a\u0639\u062f\u062f \u0627\u0644\u0623\u0637\u0631\u0627\u0641.<\/p>\n \u0627\u0644\u0639\u0644\u0627\u0642\u0629 \u0645\u0628\u0627\u0634\u0631\u0629: \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 SLSA \u0647\u0648 \u0646\u0648\u0639 predicate \u0641\u064a in-toto<\/strong>. \u0639\u0646\u062f\u0645\u0627 \u062a\u0648\u0644\u0651\u062f \u0645\u0646\u0635\u0629 \u0628\u0646\u0627\u0621 \u0645\u062a\u0648\u0627\u0641\u0642\u0629 \u0645\u0639 SLSA \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631\u060c \u0641\u0625\u0646\u0647\u0627 \u062a\u0646\u062a\u062c \u0634\u0647\u0627\u062f\u0629 in-toto \u0645\u0639 \u062f\u0639\u0648\u0646\u0627 \u0646\u0645\u0631 \u0639\u0628\u0631 \u0627\u0644\u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0639\u0645\u0644\u064a\u0629 \u0641\u064a \u0623\u0643\u062b\u0631 \u0645\u0646\u0635\u0627\u062a CI\/CD \u0634\u064a\u0648\u0639\u064b\u0627.<\/p>\n \u064a\u0648\u0641\u0631 \u0645\u0634\u0631\u0648\u0639 \u0644\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0639\u0627\u0645\u0629:<\/strong><\/p>\n \u0644\u0635\u0648\u0631 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a:<\/strong><\/p>\n \u064a\u0642\u062f\u0645 GitHub \u0627\u0644\u0622\u0646 \u0634\u0647\u0627\u062f\u0627\u062a \u0623\u0635\u0644\u064a\u0629 \u0644\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0645\u0646 \u062e\u0644\u0627\u0644 \u0644\u0627 \u064a\u0645\u062a\u0644\u0643 GitLab \u062d\u062a\u0649 \u0627\u0644\u0622\u0646 \u0645\u0648\u0644\u0651\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 SLSA \u0623\u0635\u0644\u064a \u0628\u0646\u0641\u0633 \u0646\u0636\u062c GitHub\u060c \u0644\u0643\u0646 \u064a\u0645\u0643\u0646\u0643 \u062a\u0648\u0644\u064a\u062f \u0648\u062a\u0648\u0642\u064a\u0639 \u0628\u064a\u0627\u0646\u0627\u062a \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0627\u0644\u0648\u0635\u0641\u064a\u0629 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0623\u062f\u0648\u0627\u062a \u0625\u0637\u0627\u0631 SLSA \u0645\u0628\u0627\u0634\u0631\u0629.<\/p>\n \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u0635\u0648\u0631 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a\u060c \u064a\u062a\u0645 \u0639\u0627\u062f\u0629\u064b \u062a\u062e\u0632\u064a\u0646 \u0634\u0647\u0627\u062f\u0627\u062a \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0628\u062c\u0627\u0646\u0628 \u0627\u0644\u0635\u0648\u0631\u0629 \u0641\u064a \u0633\u062c\u0644 OCI \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0646\u0645\u0648\u0630\u062c \u0634\u0647\u0627\u062f\u0627\u062a Cosign. \u062a\u064f\u062e\u0632\u064e\u0651\u0646 \u0627\u0644\u0634\u0647\u0627\u062f\u0629 \u0643\u0642\u0637\u0639\u0629 OCI \u0645\u0646\u0641\u0635\u0644\u0629 \u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0627\u0644\u0635\u0648\u0631\u0629 \u0639\u0628\u0631 \u0627\u0644\u0628\u0635\u0645\u0629:<\/p>\n \u064a\u0633\u062a\u0641\u064a\u062f \u0647\u0630\u0627 \u0627\u0644\u0646\u0647\u062c \u0645\u0646 \u0648\u0627\u062c\u0647\u0629 referrers API \u0641\u064a \u0645\u0648\u0627\u0635\u0641\u0627\u062a \u062a\u0648\u0632\u064a\u0639 OCI\u060c \u0627\u0644\u062a\u064a \u062a\u0633\u0645\u062d \u0644\u0644\u0639\u0645\u0644\u0627\u0621 \u0628\u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u0634\u0647\u0627\u062f\u0627\u062a \u0627\u0644\u0645\u0631\u062a\u0628\u0637\u0629 \u0628\u0640 image manifest \u0645\u0639\u064a\u0646. \u064a\u0645\u0643\u0646 \u0644\u0623\u062f\u0648\u0627\u062a \u0645\u062b\u0644 \u062a\u0648\u0644\u064a\u062f \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0647\u0648 \u0646\u0635\u0641 \u0627\u0644\u0642\u0635\u0629 \u0641\u0642\u0637. \u064a\u062c\u0628 \u0639\u0644\u0649 \u0627\u0644\u0645\u0633\u062a\u0647\u0644\u0643\u064a\u0646 \u2014 \u0633\u0648\u0627\u0621 \u0645\u0634\u063a\u0644\u0648\u0646 \u0628\u0634\u0631\u064a\u0648\u0646 \u0623\u0648 \u0623\u0646\u0638\u0645\u0629 \u0622\u0644\u064a\u0629 \u2014 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0642\u0628\u0644 \u0627\u0644\u0648\u062b\u0648\u0642 \u0628\u0642\u0637\u0639\u0629 \u0628\u0631\u0645\u062c\u064a\u0629.<\/p>\n \u062a\u062a\u062d\u0642\u0642 \u0623\u062f\u0627\u0629 \u064a\u062a\u062d\u0642\u0642 \u0627\u0644\u0645\u062f\u0642\u0642 \u0645\u0645\u0627 \u064a\u0644\u064a:<\/p>\n \u0644\u0644\u062a\u062d\u0642\u0642 \u0627\u0644\u0623\u0643\u062b\u0631 \u0645\u0631\u0648\u0646\u0629\u060c \u064a\u062a\u064a\u062d \u0644\u0643 \u0644\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0645\u0634\u0647\u0648\u062f \u0639\u0644\u064a\u0647\u0627 \u0628\u0645\u064a\u0632\u0629 \u0627\u0644\u0634\u0647\u0627\u062f\u0627\u062a \u0627\u0644\u0623\u0635\u0644\u064a\u0629 \u0645\u0646 GitHub\u060c \u064a\u0648\u0641\u0631 \u0644\u0628\u0648\u0627\u0628\u0627\u062a \u0646\u0634\u0631 \u0627\u0644\u0625\u0646\u062a\u0627\u062c\u060c \u064a\u0645\u0643\u0646 \u0644\u0648\u062d\u062f\u0627\u062a \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0642\u0628\u0648\u0644 \u0641\u0631\u0636 \u0633\u064a\u0627\u0633\u0627\u062a \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u062a\u0644\u0642\u0627\u0626\u064a\u064b\u0627. \u0625\u0644\u064a\u0643 \u0645\u062b\u0627\u0644\u064b\u0627 \u0628\u0627\u0633\u062a\u062e\u062f\u0627\u0645 policy-controller \u0645\u0646 Sigstore \u0641\u064a \u0639\u0646\u0642\u0648\u062f Kubernetes:<\/p>\n \u0628\u063a\u0636 \u0627\u0644\u0646\u0638\u0631 \u0639\u0646 \u0627\u0644\u0623\u062f\u0627\u0629 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645\u0629\u060c \u064a\u062c\u0628 \u0623\u0646 \u064a\u0624\u0643\u062f \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631:<\/p>\n \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0648 SLSA \u0645\u0641\u0627\u0647\u064a\u0645 \u0642\u0648\u064a\u0629\u060c \u0644\u0643\u0646 \u0627\u0644\u062a\u0628\u0646\u064a \u0641\u064a \u0627\u0644\u0639\u0627\u0644\u0645 \u0627\u0644\u062d\u0642\u064a\u0642\u064a \u064a\u0623\u062a\u064a \u0645\u0639 \u062a\u062d\u062f\u064a\u0627\u062a \u0643\u0628\u064a\u0631\u0629. \u0627\u0644\u062a\u0642\u064a\u064a\u0645 \u0627\u0644\u0635\u0627\u062f\u0642 \u064a\u0633\u0627\u0639\u062f \u0627\u0644\u0641\u0631\u0642 \u0639\u0644\u0649 \u0627\u0644\u062a\u062e\u0637\u064a\u0637 \u0644\u0627\u0633\u062a\u0631\u0627\u062a\u064a\u062c\u064a\u0627\u062a \u062a\u0628\u0646\u064a \u0648\u0627\u0642\u0639\u064a\u0629.<\/p>\n \u064a\u062a\u0637\u0644\u0628 SLSA Level 3 \u0628\u064a\u0626\u0627\u062a \u0628\u0646\u0627\u0621 \u0645\u062d\u0635\u0651\u0646\u0629 \u0648\u0645\u0639\u0632\u0648\u0644\u0629 \u2014 \u0648\u0647\u0646\u0627 \u062a\u0648\u0627\u062c\u0647 \u0645\u0639\u0638\u0645 \u0627\u0644\u0645\u0624\u0633\u0633\u0627\u062a \u0627\u062d\u062a\u0643\u0627\u0643\u064b\u0627. \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u0645\u062d\u0643\u0645 \u064a\u0639\u0646\u064a \u0623\u0646 \u0643\u0644 \u062a\u0628\u0639\u064a\u0629 \u064a\u062c\u0628 \u0623\u0646 \u062a\u0643\u0648\u0646 \u0645\u0639\u0644\u0646\u0629 \u0635\u0631\u0627\u062d\u0629 \u0648\u064a\u062a\u0645 \u062c\u0644\u0628\u0647\u0627 \u0639\u0628\u0631 \u0642\u0646\u0648\u0627\u062a \u0645\u062a\u062d\u0643\u0645 \u0628\u0647\u0627. \u0644\u0627 \u062a\u062d\u0645\u064a\u0644 \u062d\u0632\u0645 \u0639\u0634\u0648\u0627\u0626\u064a\u0629 \u0645\u0646 \u0627\u0644\u0625\u0646\u062a\u0631\u0646\u062a \u0623\u062b\u0646\u0627\u0621 \u0627\u0644\u0628\u0646\u0627\u0621. \u0644\u0627 \u0648\u0635\u0648\u0644 \u0634\u0628\u0643\u064a \u0625\u0644\u0649 \u062e\u062f\u0645\u0627\u062a \u063a\u064a\u0631 \u0645\u0639\u0644\u0646\u0629.<\/p>\n \u0628\u0627\u0644\u0646\u0633\u0628\u0629 \u0644\u0644\u0639\u062f\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0634\u0627\u0631\u064a\u0639\u060c \u064a\u062a\u0637\u0644\u0628 \u0647\u0630\u0627 \u062a\u063a\u064a\u064a\u0631\u0627\u062a \u062c\u0648\u0647\u0631\u064a\u0629 \u0641\u064a \u0637\u0631\u064a\u0642\u0629 \u0639\u0645\u0644 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621. \u0627\u0644\u0644\u063a\u0627\u062a \u0630\u0627\u062a \u0623\u0646\u0638\u0645\u0629 \u0627\u0644\u062d\u0632\u0645 \u0627\u0644\u063a\u0646\u064a\u0629 (Node.js \u0648 Python \u0648 Go) \u063a\u0627\u0644\u0628\u064b\u0627 \u0645\u0627 \u062a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0639\u0645\u0644\u064a\u0627\u062a \u0628\u0646\u0627\u0621 \u062a\u062d\u0645\u0651\u0644 \u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0636\u0645\u0646\u064a\u064b\u0627. \u0627\u0644\u0627\u0646\u062a\u0642\u0627\u0644 \u0625\u0644\u0649 \u0646\u0645\u0648\u0630\u062c \u0645\u062d\u0643\u0645 \u064a\u0639\u0646\u064a \u062a\u0636\u0645\u064a\u0646 \u0627\u0644\u062a\u0628\u0639\u064a\u0627\u062a \u0645\u062d\u0644\u064a\u064b\u0627\u060c \u0623\u0648 \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u0645\u0644\u0641\u0627\u062a \u0642\u0641\u0644 \u0645\u0639 \u0641\u062d\u0648\u0635\u0627\u062a \u0646\u0632\u0627\u0647\u0629\u060c \u0623\u0648 \u062a\u0634\u063a\u064a\u0644 \u0639\u0645\u0644\u064a\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u062e\u0644\u0641 \u0648\u0643\u064a\u0644 \u062a\u0628\u0639\u064a\u0627\u062a \u064a\u0641\u0631\u0636 \u0642\u0627\u0626\u0645\u0629 \u0633\u0645\u0627\u062d.<\/p>\n \u0627\u0644\u0628\u0627\u0646\u0648\u0646 \u0627\u0644\u0645\u0639\u0632\u0648\u0644\u0648\u0646 \u064a\u0636\u064a\u0641\u0648\u0646 \u062a\u0643\u0644\u0641\u0629 \u062a\u0634\u063a\u064a\u0644\u064a\u0629. \u0628\u064a\u0626\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u0645\u0624\u0642\u062a\u0629 \u0627\u0644\u062a\u064a \u062a\u064f\u062f\u0645\u064e\u0651\u0631 \u0628\u0639\u062f \u0643\u0644 \u0628\u0646\u0627\u0621 \u062a\u0645\u0646\u0639 \u0627\u0644\u062a\u0644\u0648\u062b \u0627\u0644\u0645\u062a\u0628\u0627\u062f\u0644 \u0644\u0643\u0646\u0647\u0627 \u062a\u0632\u064a\u062f \u0623\u0648\u0642\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u062a\u0643\u0627\u0644\u064a\u0641 \u0627\u0644\u0628\u0646\u064a\u0629 \u0627\u0644\u062a\u062d\u062a\u064a\u0629. \u0639\u0648\u0627\u0645\u0644 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641\u0629 \u0630\u0627\u062a\u064a\u064b\u0627 \u0639\u0644\u0649 GitHub Actions\u060c \u0645\u062b\u0644\u0627\u064b\u060c \u0644\u0627 \u062a\u0648\u0641\u0631 \u0646\u0641\u0633 \u0636\u0645\u0627\u0646\u0627\u062a \u0627\u0644\u0639\u0632\u0644 \u0627\u0644\u062a\u064a \u062a\u0648\u0641\u0631\u0647\u0627 \u0639\u0648\u0627\u0645\u0644 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0645\u0633\u062a\u0636\u0627\u0641\u0629 \u0645\u0646 GitHub.<\/p>\n \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u064a\u0626\u064a \u0644\u0640 SLSA \u064a\u0646\u0636\u062c \u0628\u0633\u0631\u0639\u0629 \u0644\u0643\u0646\u0647 \u0644\u0627 \u064a\u0632\u0627\u0644 \u064a\u062d\u062a\u0648\u064a \u0639\u0644\u0649 \u0641\u062c\u0648\u0627\u062a:<\/p>\n \u0628\u064a\u0646\u0645\u0627 \u064a\u0645\u062a\u0644\u0643 \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0635\u0648\u0631 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a \u0646\u0645\u0648\u0630\u062c\u064b\u0627 \u0648\u0627\u0636\u062d\u064b\u0627 \u0644\u0644\u062a\u062e\u0632\u064a\u0646 \u0648\u0627\u0644\u062a\u0648\u0632\u064a\u0639 (\u0633\u062c\u0644\u0627\u062a OCI \u0648 referrers)\u060c \u062a\u0648\u0627\u062c\u0647 \u0623\u0646\u0648\u0627\u0639 \u0627\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0623\u062e\u0631\u0649 \u062a\u062d\u062f\u064a\u0627\u062a:<\/p>\n \u0645\u062a\u0637\u0644\u0628\u0627\u062a \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0627\u0644\u0635\u0627\u0631\u0645\u0629 \u064a\u0645\u0643\u0646 \u0623\u0646 \u062a\u0628\u0637\u0626 \u0633\u064a\u0631 \u0639\u0645\u0644 \u0627\u0644\u062a\u0637\u0648\u064a\u0631:<\/p>\n \u064a\u0633\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0627\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0641\u062c\u0648\u0629 \u062c\u0648\u0647\u0631\u064a\u0629 \u0641\u064a \u0623\u0645\u0646 \u0633\u0644\u0633\u0644\u0629 \u062a\u0648\u0631\u064a\u062f \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a. \u0628\u064a\u0646\u0645\u0627 \u062a\u062b\u0628\u062a \u0627\u0644\u062a\u0648\u0642\u064a\u0639\u0627\u062a \u0645\u0646<\/em> \u0648\u0627\u0641\u0642 \u0639\u0644\u0649 \u0642\u0637\u0639\u0629 \u0628\u0631\u0645\u062c\u064a\u0629\u060c \u064a\u062b\u0628\u062a \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0643\u064a\u0641 \u062a\u0645 \u0628\u0646\u0627\u0624\u0647\u0627 \u0641\u0639\u0644\u0627\u064b<\/em>. \u0625\u0644\u0649 \u062c\u0627\u0646\u0628 \u0646\u0645\u0648\u0630\u062c \u0646\u0636\u062c \u0625\u0637\u0627\u0631 SLSA \u0648\u062a\u0646\u0633\u064a\u0642 \u0634\u0647\u0627\u062f\u0627\u062a in-toto\u060c \u0644\u062f\u064a\u0646\u0627 \u0627\u0644\u0622\u0646 \u0646\u0647\u062c \u0639\u0645\u0644\u064a \u0648\u0645\u0648\u062d\u062f \u0644\u0646\u0632\u0627\u0647\u0629 \u0627\u0644\u0628\u0646\u0627\u0621.<\/p>\n \u0627\u0644\u0646\u0642\u0627\u0637 \u0627\u0644\u0631\u0626\u064a\u0633\u064a\u0629 \u0644\u0644\u0641\u0631\u0642 \u0627\u0644\u062a\u064a \u062a\u0628\u062f\u0623 \u0647\u0630\u0647 \u0627\u0644\u0631\u062d\u0644\u0629:<\/p>\n \u0623\u0645\u0646 \u0633\u0644\u0633\u0644\u0629 \u0627\u0644\u062a\u0648\u0631\u064a\u062f \u0644\u064a\u0633 \u0623\u062f\u0627\u0629 \u0648\u0627\u062d\u062f\u0629 \u0623\u0648 \u0641\u062d\u0635\u064b\u0627 \u0648\u0627\u062d\u062f\u064b\u0627. \u0625\u0646\u0647 \u0646\u0647\u062c \u0645\u062a\u0639\u062f\u062f \u0627\u0644\u0637\u0628\u0642\u0627\u062a \u062d\u064a\u062b \u064a\u0639\u0632\u0632 \u0643\u0644 \u0636\u0627\u0628\u0637 \u2014 \u0646\u0632\u0627\u0647\u0629 \u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0646\u0632\u0627\u0647\u0629 \u0627\u0644\u0628\u0646\u0627\u0621 \u0648\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u2014 \u0627\u0644\u0636\u0648\u0627\u0628\u0637 \u0627\u0644\u0623\u062e\u0631\u0649. \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0647\u0648 \u0627\u0644\u0646\u0633\u064a\u062c \u0627\u0644\u0636\u0627\u0645 \u0627\u0644\u0630\u064a \u064a\u062c\u0639\u0644 \u0627\u0644\u0646\u0638\u0627\u0645 \u0628\u0623\u0643\u0645\u0644\u0647 \u0642\u0627\u0628\u0644\u064b\u0627 \u0644\u0644\u062a\u062f\u0642\u064a\u0642 \u0648\u0627\u0644\u062a\u062d\u0642\u0642. \u0627\u0628\u062f\u0623 \u0628\u062a\u0648\u0644\u064a\u062f\u0647 \u0627\u0644\u064a\u0648\u0645\u060c \u0648\u062a\u0642\u062f\u0645 \u062a\u0635\u0627\u0639\u062f\u064a\u064b\u0627.<\/p>\n","protected":false},"excerpt":{"rendered":" \u0645\u0642\u062f\u0645\u0629 \u0644\u0637\u0627\u0644\u0645\u0627 \u0643\u0627\u0646 \u062a\u0648\u0642\u064a\u0639 \u0627\u0644\u0643\u0648\u062f \u0631\u0643\u064a\u0632\u0629 \u0623\u0633\u0627\u0633\u064a\u0629 \u0641\u064a \u0623\u0645\u0646 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0627\u062a. \u0639\u0646\u062f\u0645\u0627 \u062a\u062a\u062d\u0642\u0642 \u0645\u0646 \u062a\u0648\u0642\u064a\u0639 \u0645\u0627\u060c \u062a\u0639\u0631\u0641 \u0645\u0646 \u0648\u0642\u0651\u0639 \u0639\u0644\u0649 \u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629. \u0644\u0643\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0646 \u0648\u0642\u0651\u0639 \u0639\u0644\u0649 \u0634\u064a\u0621 \u0645\u0627 \u0644\u0627 \u062a\u062e\u0628\u0631\u0643 \u0643\u064a\u0641 \u062a\u0645 \u0628\u0646\u0627\u0624\u0647\u060c \u0623\u0648 \u0623\u064a\u0646 \u062a\u0645 \u0628\u0646\u0627\u0624\u0647\u060c \u0623\u0648 \u0645\u0627 \u0627\u0644\u0643\u0648\u062f \u0627\u0644\u0645\u0635\u062f\u0631\u064a \u0627\u0644\u0630\u064a \u062f\u062e\u0644 \u0641\u064a\u0647. \u064a\u0645\u0643\u0646 \u0644\u0645\u0634\u0631\u0641 \u0623\u0646 \u064a\u0648\u0642\u0651\u0639 \u0645\u0644\u0641\u064b\u0627 \u062b\u0646\u0627\u0626\u064a\u064b\u0627 \u062a\u0645 \u062a\u062c\u0645\u064a\u0639\u0647 \u0639\u0644\u0649 \u062d\u0627\u0633\u0648\u0628 \u0645\u062d\u0645\u0648\u0644 … \u0627\u0642\u0631\u0623 \u0627\u0644\u0645\u0632\u064a\u062f<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26,27],"tags":[],"post_folder":[],"class_list":["post-783","post","type-post","status-publish","format-standard","hentry","category-ci-cd-security","category-software-supply-chain"],"_links":{"self":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/comments?post=783"}],"version-history":[{"count":1,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/783\/revisions"}],"predecessor-version":[{"id":784,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/posts\/783\/revisions\/784"}],"wp:attachment":[{"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/media?parent=783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/categories?post=783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/tags?post=783"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/secure-pipelines.com\/ar\/wp-json\/wp\/v2\/post_folder?post=783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\u0645\u0627 \u0647\u0648 \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0627\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629\u061f<\/h2>\n
\n
\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0645\u0642\u0627\u0628\u0644 \u0627\u0644\u062a\u0648\u0642\u064a\u0639\u0627\u062a<\/h3>\n
\n
\u0644\u0645\u0627\u0630\u0627 \u064a\u0647\u0645 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631<\/h3>\n
\n
\u0625\u0637\u0627\u0631 \u0639\u0645\u0644 SLSA<\/h2>\n
\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u0628\u0646\u0627\u0621 \u0641\u064a SLSA<\/h3>\n
\u0645\u0633\u062a\u0648\u064a\u0627\u062a SLSA (\u0627\u0644\u0625\u0635\u062f\u0627\u0631 1.0)<\/h3>\n
Build Level 1 \u2014 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0645\u0648\u062c\u0648\u062f<\/h3>\n
\n
Build Level 2 \u2014 \u0628\u0646\u0627\u0621 \u0645\u0633\u062a\u0636\u0627\u0641 \u0648\u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0645\u0648\u0642\u0651\u0639<\/h3>\n
\n
Build Level 3 \u2014 \u0645\u0646\u0635\u0629 \u0628\u0646\u0627\u0621 \u0645\u062d\u0635\u0651\u0646\u0629<\/h3>\n
\n
Build Level 4 \u2014 \u0645\u0631\u0627\u062c\u0639\u0629 \u062b\u0646\u0627\u0626\u064a\u0629 \u0648\u0628\u0646\u0627\u0621 \u0645\u062d\u0643\u0645<\/h3>\n
\n
\u0645\u0648\u0627\u0635\u0641\u0627\u062a \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u064a SLSA<\/h3>\n
\n
\u0625\u0637\u0627\u0631 \u0639\u0645\u0644 in-toto \u0644\u0644\u0634\u0647\u0627\u062f\u0627\u062a<\/h2>\n
Layout \u0648 Link Metadata \u0641\u064a in-toto<\/h3>\n
\n
\u062a\u0646\u0633\u064a\u0642 \u0634\u0647\u0627\u062f\u0627\u062a in-toto<\/h3>\n
{\n \"_type\": \"https:\/\/in-toto.io\/Statement\/v1\",\n \"subject\": [\n {\n \"name\": \"my-artifact\",\n \"digest\": {\n \"sha256\": \"a1b2c3d4e5f6...\"\n }\n }\n ],\n \"predicateType\": \"https:\/\/slsa.dev\/provenance\/v1\",\n \"predicate\": { ... }\n}<\/code><\/pre>\n\n
https:\/\/slsa.dev\/provenance\/v1<\/code> \u2014 \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 SLSA (\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0627\u0644\u0628\u0646\u0627\u0621)<\/li>\nhttps:\/\/spdx.dev\/Document<\/code> \u2014 SBOM \u0628\u062a\u0646\u0633\u064a\u0642 SPDX<\/li>\nhttps:\/\/cyclonedx.org\/bom<\/code> \u2014 SBOM \u0628\u062a\u0646\u0633\u064a\u0642 CycloneDX<\/li>\nhttps:\/\/in-toto.io\/attestation\/vulns<\/code> \u2014 \u0646\u062a\u0627\u0626\u062c \u0641\u062d\u0635 \u0627\u0644\u062b\u063a\u0631\u0627\u062a \u0627\u0644\u0623\u0645\u0646\u064a\u0629<\/li>\n<\/ul>\nDSSE (Dead Simple Signing Envelope)<\/h3>\n
{\n \"payloadType\": \"application\/vnd.in-toto+json\",\n \"payload\": \"<base64-encoded statement>\",\n \"signatures\": [\n {\n \"keyid\": \"...\",\n \"sig\": \"<base64-encoded signature>\"\n }\n ]\n}<\/code><\/pre>\n\u0643\u064a\u0641 \u064a\u0631\u062a\u0628\u0637 in-toto \u0628\u0640 SLSA<\/h3>\n
predicateType: https:\/\/slsa.dev\/provenance\/v1<\/code>\u060c \u0648\u062a\u0648\u0642\u0651\u0639\u0647\u0627 \u0628\u0640 DSSE\u060c \u0648\u062a\u0631\u0628\u0637\u0647\u0627 \u0628\u0627\u0644\u0642\u0637\u0639\u0629 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u0627\u0644\u0645\u0628\u0646\u064a\u0629 \u0639\u0628\u0631 \u062d\u0642\u0644 subject. \u064a\u062d\u062f\u062f SLSA \u0627\u0644\u0645\u062a\u0637\u0644\u0628\u0627\u062a \u0648\u0646\u0645\u0648\u0630\u062c \u0627\u0644\u062a\u0647\u062f\u064a\u062f\u061b \u0648\u064a\u0648\u0641\u0631 in-toto \u062a\u0646\u0633\u064a\u0642 \u0627\u0644\u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0625\u0637\u0627\u0631 \u0627\u0644\u062a\u062d\u0642\u0642.<\/p>\n\u062a\u0648\u0644\u064a\u062f \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u064a CI\/CD<\/h2>\n
GitHub Actions: slsa-github-generator<\/h3>\n
slsa-framework\/slsa-github-generator<\/code> workflows \u0642\u0627\u0628\u0644\u0629 \u0644\u0625\u0639\u0627\u062f\u0629 \u0627\u0644\u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062a\u0648\u0644\u0651\u062f \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 \u0628\u0645\u0633\u062a\u0648\u0649 SLSA Level 3 \u0639\u0644\u0649 GitHub Actions. \u064a\u062a\u0645 \u062a\u0648\u0644\u064a\u062f \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0628\u0648\u0627\u0633\u0637\u0629 workflow \u0645\u0633\u062a\u0636\u0627\u0641 \u0648\u0645\u0639\u0632\u0648\u0644 \u0644\u0627 \u064a\u0645\u0643\u0646 \u0644\u0645\u0633\u062a\u0623\u062c\u0631 \u0627\u0644\u0628\u0646\u0627\u0621 \u0627\u0644\u0639\u0628\u062b \u0628\u0647.<\/p>\nname: SLSA Provenance for Generic Artifacts\non:\n push:\n tags:\n - \"v*\"\n\njobs:\n build:\n runs-on: ubuntu-latest\n outputs:\n digests: ${{ steps.hash.outputs.digests }}\n steps:\n - uses: actions\/checkout@v4\n - name: Build artifact\n run: |\n go build -o my-binary .\/cmd\/app\n - name: Generate subject digest\n id: hash\n run: |\n DIGEST=$(sha256sum my-binary | base64 -w0)\n echo \"digests=$DIGEST\" >> \"$GITHUB_OUTPUT\"\n - uses: actions\/upload-artifact@v4\n with:\n name: my-binary\n path: my-binary\n\n provenance:\n needs: [build]\n permissions:\n actions: read\n id-token: write\n contents: write\n uses: slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_generic_slsa3.yml@v2.1.0\n with:\n base64-subjects: ${{ needs.build.outputs.digests }}\n upload-assets: true<\/code><\/pre>\nname: SLSA Provenance for Container Images\non:\n push:\n tags:\n - \"v*\"\n\njobs:\n build:\n runs-on: ubuntu-latest\n outputs:\n image: ${{ steps.build.outputs.image }}\n digest: ${{ steps.build.outputs.digest }}\n permissions:\n packages: write\n steps:\n - uses: actions\/checkout@v4\n - name: Log in to GHCR\n uses: docker\/login-action@v3\n with:\n registry: ghcr.io\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n - name: Build and push\n id: build\n uses: docker\/build-push-action@v5\n with:\n push: true\n tags: ghcr.io\/${{ github.repository }}:${{ github.ref_name }}\n\n provenance:\n needs: [build]\n permissions:\n actions: read\n id-token: write\n packages: write\n uses: slsa-framework\/slsa-github-generator\/.github\/workflows\/generator_container_slsa3.yml@v2.1.0\n with:\n image: ${{ needs.build.outputs.image }}\n digest: ${{ needs.build.outputs.digest }}\n registry-username: ${{ github.actor }}\n secrets:\n registry-password: ${{ secrets.GITHUB_TOKEN }}<\/code><\/pre>\nGitHub Artifact Attestations<\/h3>\n
actions\/attest-build-provenance<\/code>. \u0647\u0630\u0627 \u0623\u0628\u0633\u0637 \u0645\u0646 \u0645\u0648\u0644\u0651\u062f SLSA \u0648\u064a\u0646\u062a\u062c \u0634\u0647\u0627\u062f\u0627\u062a \u0645\u0648\u0642\u0651\u0639\u0629 \u0628\u0640 Sigstore \u0645\u062e\u0632\u0646\u0629 \u0641\u064a \u0648\u0627\u062c\u0647\u0629 \u0628\u0631\u0645\u062c\u0629 \u062a\u0637\u0628\u064a\u0642\u0627\u062a \u0627\u0644\u0634\u0647\u0627\u062f\u0627\u062a \u0641\u064a GitHub.<\/p>\nname: Build and Attest\non:\n push:\n branches: [main]\n\njobs:\n build:\n runs-on: ubuntu-latest\n permissions:\n id-token: write\n contents: read\n attestations: write\n steps:\n - uses: actions\/checkout@v4\n - name: Build binary\n run: go build -o my-binary .\/cmd\/app\n - name: Attest build provenance\n uses: actions\/attest-build-provenance@v2\n with:\n subject-path: my-binary\n - name: Attest container image\n uses: actions\/attest-build-provenance@v2\n with:\n subject-name: ghcr.io\/${{ github.repository }}\n subject-digest: ${{ steps.push.outputs.digest }}\n push-to-registry: true<\/code><\/pre>\nGitLab CI: \u062a\u0648\u0644\u064a\u062f \u0628\u064a\u0627\u0646\u0627\u062a \u0648\u0635\u0641\u064a\u0629 \u0644\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631<\/h3>\n
stages:\n - build\n - provenance\n\nbuild:\n stage: build\n image: golang:1.22\n script:\n - go build -o my-binary .\/cmd\/app\n - sha256sum my-binary > checksums.txt\n artifacts:\n paths:\n - my-binary\n - checksums.txt\n\ngenerate-provenance:\n stage: provenance\n image: ghcr.io\/slsa-framework\/slsa-generator-generic:v2.1.0\n needs: [build]\n script:\n - |\n cat > provenance.json <<PROV\n {\n \"_type\": \"https:\/\/in-toto.io\/Statement\/v1\",\n \"subject\": [\n {\n \"name\": \"my-binary\",\n \"digest\": {\n \"sha256\": \"$(sha256sum my-binary | awk '{print $1}')\"\n }\n }\n ],\n \"predicateType\": \"https:\/\/slsa.dev\/provenance\/v1\",\n \"predicate\": {\n \"buildDefinition\": {\n \"buildType\": \"https:\/\/gitlab.com\/gitlab-ci\",\n \"externalParameters\": {\n \"repository\": \"${CI_PROJECT_URL}\",\n \"ref\": \"${CI_COMMIT_SHA}\"\n }\n },\n \"runDetails\": {\n \"builder\": {\n \"id\": \"https:\/\/gitlab.com\/${CI_PROJECT_PATH}\/-\/runners\/${CI_RUNNER_ID}\"\n },\n \"metadata\": {\n \"invocationId\": \"${CI_PIPELINE_URL}\",\n \"startedOn\": \"${CI_PIPELINE_CREATED_AT}\"\n }\n }\n }\n }\n PROV\n - cosign attest-blob --predicate provenance.json --type slsaprovenance my-binary\n artifacts:\n paths:\n - provenance.json<\/code><\/pre>\n\u062a\u062e\u0632\u064a\u0646 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u064a \u0633\u062c\u0644\u0627\u062a OCI<\/h3>\n
# Attach provenance to a container image in the registry\ncosign attest --predicate provenance.json \\\n --type slsaprovenance \\\n --key cosign.key \\\n ghcr.io\/myorg\/myimage@sha256:abc123...\n\n# For keyless signing with Sigstore\ncosign attest --predicate provenance.json \\\n --type slsaprovenance \\\n --yes \\\n ghcr.io\/myorg\/myimage@sha256:abc123...<\/code><\/pre>\ncosign<\/code> \u0648crane<\/code> \u0628\u0639\u062f \u0630\u0644\u0643 \u062c\u0644\u0628 \u0647\u0630\u0647 \u0627\u0644\u0634\u0647\u0627\u062f\u0627\u062a \u0648\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647\u0627 \u0623\u062b\u0646\u0627\u0621 \u0627\u0644\u0646\u0634\u0631.<\/p>\n\u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631<\/h2>\n
\u0623\u062f\u0627\u0629 slsa-verifier CLI<\/h3>\n
slsa-verifier<\/code> \u0645\u0646 \u0625\u062b\u0628\u0627\u062a \u0645\u0635\u062f\u0631 SLSA \u0627\u0644\u0645\u064f\u0648\u0644\u064e\u0651\u062f \u0628\u0648\u0627\u0633\u0637\u0629 \u0628\u0627\u0646\u064a\u0646 \u0645\u0648\u062b\u0648\u0642\u064a\u0646 (\u062d\u0627\u0644\u064a\u064b\u0627 \u0627\u0644\u0628\u0627\u0646\u0648\u0646 \u0627\u0644\u0645\u0628\u0646\u064a\u0648\u0646 \u0639\u0644\u0649 GitHub Actions).<\/p>\n# Verify a generic artifact\nslsa-verifier verify-artifact my-binary \\\n --provenance-path my-binary.intoto.jsonl \\\n --source-uri github.com\/myorg\/myrepo \\\n --source-tag v1.2.3\n\n# Verify a container image\nslsa-verifier verify-image ghcr.io\/myorg\/myimage@sha256:abc123... \\\n --source-uri github.com\/myorg\/myrepo \\\n --source-tag v1.2.3<\/code><\/pre>\n\n
cosign verify-attestation<\/h3>\n
cosign verify-attestation<\/code> \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0634\u0647\u0627\u062f\u0627\u062a in-toto \u0627\u0644\u0645\u0631\u0641\u0642\u0629 \u0628\u0635\u0648\u0631 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a \u0645\u0639 \u062a\u0635\u0641\u064a\u0629 \u0627\u0644\u0646\u0648\u0639:<\/p>\n# Verify SLSA provenance attestation\ncosign verify-attestation \\\n --type slsaprovenance \\\n --certificate-identity \"https:\/\/github.com\/myorg\/myrepo\/.github\/workflows\/release.yml@refs\/tags\/v1.2.3\" \\\n --certificate-oidc-issuer \"https:\/\/token.actions.githubusercontent.com\" \\\n ghcr.io\/myorg\/myimage@sha256:abc123...\n\n# Verify with a CUE policy\ncosign verify-attestation \\\n --type slsaprovenance \\\n --policy policy.cue \\\n ghcr.io\/myorg\/myimage@sha256:abc123...\n\n# Verify with a Rego policy\ncosign verify-attestation \\\n --type slsaprovenance \\\n --policy policy.rego \\\n ghcr.io\/myorg\/myimage@sha256:abc123...<\/code><\/pre>\ngh attestation verify<\/h3>\n
gh<\/code> CLI \u062a\u062d\u0642\u0642\u064b\u0627 \u0645\u062f\u0645\u062c\u064b\u0627:<\/p>\n# Verify a local artifact\ngh attestation verify my-binary \\\n --owner myorg\n\n# Verify a container image\ngh attestation verify oci:\/\/ghcr.io\/myorg\/myimage@sha256:abc123... \\\n --owner myorg\n\n# Download and inspect the attestation bundle\ngh attestation download my-binary \\\n --owner myorg \\\n --output attestation.jsonl<\/code><\/pre>\n\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0641\u064a \u0648\u062d\u062f\u0627\u062a \u0627\u0644\u062a\u062d\u0643\u0645 \u0641\u064a \u0627\u0644\u0642\u0628\u0648\u0644<\/h3>\n
apiVersion: policy.sigstore.dev\/v1beta1\nkind: ClusterImagePolicy\nmetadata:\n name: require-slsa-provenance\nspec:\n images:\n - glob: \"ghcr.io\/myorg\/**\"\n authorities:\n - keyless:\n url: https:\/\/fulcio.sigstore.dev\n identities:\n - issuer: https:\/\/token.actions.githubusercontent.com\n subject: \"https:\/\/github.com\/myorg\/*\"\n attestations:\n - name: must-have-slsa-provenance\n predicateType: https:\/\/slsa.dev\/provenance\/v1\n policy:\n type: cue\n data: |\n predicateType: \"https:\/\/slsa.dev\/provenance\/v1\"\n predicate: buildDefinition: {\n buildType: =~\"^https:\/\/github.com\/slsa-framework\/slsa-github-generator\/\"\n }<\/code><\/pre>\n\u0645\u0627 \u064a\u062c\u0628 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647 \u0623\u062b\u0646\u0627\u0621 \u0639\u0645\u0644\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642<\/h3>\n
\n
\u0627\u0644\u062a\u062d\u062f\u064a\u0627\u062a \u0627\u0644\u0639\u0645\u0644\u064a\u0629<\/h2>\n
\u062a\u062d\u0642\u064a\u0642 SLSA Level 3+ \u0635\u0639\u0628<\/h3>\n
\u0646\u0636\u062c \u0627\u0644\u0623\u062f\u0648\u0627\u062a \u0648\u0641\u062c\u0648\u0627\u062a \u0627\u0644\u0646\u0638\u0627\u0645 \u0627\u0644\u0628\u064a\u0626\u064a<\/h3>\n
\n
\u0625\u062b\u0628\u0627\u062a \u0627\u0644\u0645\u0635\u062f\u0631 \u0644\u0644\u0642\u0637\u0639 \u0627\u0644\u0628\u0631\u0645\u062c\u064a\u0629 \u063a\u064a\u0631 \u0627\u0644\u062d\u0627\u0648\u064a\u0627\u062a<\/h3>\n
\n
.intoto.jsonl<\/code>) \u0628\u062c\u0627\u0646\u0628 \u0627\u0644\u0645\u0644\u0641 \u0627\u0644\u062b\u0646\u0627\u0626\u064a \u0641\u064a \u0623\u0635\u0648\u0644 \u0627\u0644\u0625\u0635\u062f\u0627\u0631. \u0647\u0630\u0627 \u064a\u0639\u0645\u0644 \u0644\u0643\u0646\u0647 \u064a\u062a\u0637\u0644\u0628 \u0645\u0646 \u0627\u0644\u0645\u0633\u062a\u0647\u0644\u0643\u064a\u0646 \u0645\u0639\u0631\u0641\u0629 \u0645\u0643\u0627\u0646 \u0627\u0644\u0639\u062b\u0648\u0631 \u0639\u0644\u064a\u0647 \u0648\u0643\u064a\u0641\u064a\u0629 \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646\u0647.<\/li>\n<\/ul>\n\u0627\u0644\u0645\u0648\u0627\u0632\u0646\u0629 \u0628\u064a\u0646 \u0627\u0644\u0635\u0631\u0627\u0645\u0629 \u0648\u0633\u0631\u0639\u0629 \u0627\u0644\u0645\u0637\u0648\u0631\u064a\u0646<\/h3>\n
\n
\u0627\u0644\u062e\u0644\u0627\u0635\u0629<\/h2>\n
\n