Stay Calm and SLSA: Generating SLSA Provenance for Your Artifacts with GoReleaser and slsa-github-generator
In an age where software is at the heart of nearly every aspect of our lives, software supply chain security has become paramount. It involves a series of measures and practices aimed at ensuring the reliability and safety of the software we use daily. As cyber threats continue to evolve, the need for robust software supply chain security has never been greater. Organizations must take steps to protect their software development and distribution processes from potential vulnerabilities and attacks.
A couple of weeks ago, I got a couple of complaints about the way GoReleaser is being versioned - more precisely, the fact that deprecated options are removed in minor instead of major versions.
Those complaints are valid, and today I'm announcing how I plan to move forward.
A little over 100 commits in small-ish quality-of-life improvements.
May is the maintainers month, so I would first like to thank all the maintainers out there for the hard work, you rock!
The Easter release is here!