Macaron - Report

Target information

Full name	micronaut-projects/micronaut-validation
Local cloned path	git_repos/github_com/micronaut-projects/micronaut-validation
Remote path	https://github.com/micronaut-projects/micronaut-validation
Branch	master
Commit hash	52987896f5b38df0fef2926cdd295d85417b800a
Commit date	2023-05-16T15:43:44+00:00

Provenance summary

This is the provenance found for this repository.

github_actions:
- 0:
  - _type: https://in-toto.io/Statement/v0.1
  - predicateType: https://slsa.dev/provenance/v0.2
  - subject:
    - 0:
      - name: build/repo/io/micronaut/validation/micronaut-validation-bom/4.0.0-M7/micronaut-validation-bom-4.0.0-M7.module
      - digest:
        
        sha256: 103f5c490fe7ce76f8e7cc47101cd920cbe82a0b086b70ae8cd5e7e2a0114413
    - 1:
      - name: build/repo/io/micronaut/validation/micronaut-validation-bom/4.0.0-M7/micronaut-validation-bom-4.0.0-M7.pom
      - digest:
        
        sha256: 5101488137477d4fc0386b9db5705104e0a832ba688d99f4186cccd3fdbec795
    - 2:
      - name: build/repo/io/micronaut/validation/micronaut-validation-bom/4.0.0-M7/micronaut-validation-bom-4.0.0-M7.toml
      - digest:
        
        sha256: 11cc441293985675d9d0478af69d4294a89838cb6b7dbbd0426db8a095757d6b
    - 3:
      - name: build/repo/io/micronaut/validation/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7-javadoc.jar
      - digest:
        
        sha256: e0698c015fa970760db3af7b703a041d6d9439197b14e521d3e8868654b5c3d3
    - 4:
      - name: build/repo/io/micronaut/validation/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7-sources.jar
      - digest:
        
        sha256: c057688671d8d4579f749ff193e82e1bfcc1b3c5ccbc10d0de6e06da4e736f2e
    - 5:
      - name: build/repo/io/micronaut/validation/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7.jar
      - digest:
        
        sha256: 49b569a7b7301d7d491cbc588c349b43733c79cc7b16afa32587011317412e4e
    - 6:
      - name: build/repo/io/micronaut/validation/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7.module
      - digest:
        
        sha256: fb70d44b9d65399ede291285577167040b6ef3d3aab3970fd74e147eb124d68a
    - 7:
      - name: build/repo/io/micronaut/validation/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7.pom
      - digest:
        
        sha256: 5b3f1b24fc9a1b7b51644f8fa758cec0fae11c9bfefc52c3c38f85bdf918926d
    - 8:
      - name: build/repo/io/micronaut/validation/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7-javadoc.jar
      - digest:
        
        sha256: d19f8837b9e5c2f3382e264ccfcbe25d23c0d337f19827280022ca113965c94c
    - 9:
      - name: build/repo/io/micronaut/validation/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7-sources.jar
      - digest:
        
        sha256: 8e3932572123caa23b907e984604d0806c144e91d8b87f77bb182d9c47785a39
    - 10:
      - name: build/repo/io/micronaut/validation/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7.jar
      - digest:
        
        sha256: 2a8e794fdbdf2f7b935da675d348f1b0855dedeed9c590a9df6f1a06060e8fdf
    - 11:
      - name: build/repo/io/micronaut/validation/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7.module
      - digest:
        
        sha256: 015d48ef849ae3eafb220d33f5666b7e1d3cb1391c0e156cba3b8d9596f0040e
    - 12:
      - name: build/repo/io/micronaut/validation/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7.pom
      - digest:
        
        sha256: 3e56973f6e3e5da5a5ebfb30b5c4ea1766bc81a4f2abd38e769a9094580ec992
  - predicate:
    - builder:
      - id: https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@refs/tags/v1.6.0
    - buildType: https://github.com/slsa-framework/slsa-github-generator/generic@v1
    - invocation:
      - configSource:
        
        uri: git+https://github.com/micronaut-projects/micronaut-validation@refs/tags/v4.0.0-M7
        
        digest:
        
        sha1: 6dc9897c142bede45ae18907c8913d40e6f24061
        
        entryPoint: .github/workflows/release.yml
      - parameters:
      - environment:
        
        github_actor: graemerocher
        
        github_actor_id: 66626
        
        github_base_ref:
        
        github_event_name: release
        
        github_event_payload:
        
        action: published
        
        organization:
        
        avatar_url: https://avatars.githubusercontent.com/u/36880643?v=4
        
        description:
        
        events_url: https://api.github.com/orgs/micronaut-projects/events
        
        hooks_url: https://api.github.com/orgs/micronaut-projects/hooks
        
        id: 36880643
        
        issues_url: https://api.github.com/orgs/micronaut-projects/issues
        
        login: micronaut-projects
        
        members_url: https://api.github.com/orgs/micronaut-projects/members{/member}
        
        node_id: MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz
        
        public_members_url: https://api.github.com/orgs/micronaut-projects/public_members{/member}
        
        repos_url: https://api.github.com/orgs/micronaut-projects/repos
        
        url: https://api.github.com/orgs/micronaut-projects
        
        release:
        
        assets:
        
        assets_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/releases/103184697/assets
        
        author:
        
        avatar_url: https://avatars.githubusercontent.com/u/66626?v=4
        
        events_url: https://api.github.com/users/graemerocher/events{/privacy}
        
        followers_url: https://api.github.com/users/graemerocher/followers
        
        following_url: https://api.github.com/users/graemerocher/following{/other_user}
        
        gists_url: https://api.github.com/users/graemerocher/gists{/gist_id}
        
        gravatar_id:
        
        html_url: https://github.com/graemerocher
        
        id: 66626
        
        login: graemerocher
        
        node_id: MDQ6VXNlcjY2NjI2
        
        organizations_url: https://api.github.com/users/graemerocher/orgs
        
        received_events_url: https://api.github.com/users/graemerocher/received_events
        
        repos_url: https://api.github.com/users/graemerocher/repos
        
        site_admin: False
        
        starred_url: https://api.github.com/users/graemerocher/starred{/owner}{/repo}
        
        subscriptions_url: https://api.github.com/users/graemerocher/subscriptions
        
        type: User
        
        url: https://api.github.com/users/graemerocher
        
        body:  ## What's Changed ### Dependency updates 🚀 * chore(deps): update plugin io.micronaut.build.shared.settings to v6.4.4 by @renovate in https://github.com/micronaut-projects/micronaut-validation/pull/119 * fix(deps): update dependency org.apache.groovy:groovy-bom to v4.0.12 by @renovate in https://github.com/micronaut-projects/micronaut-validation/pull/120 * chore(deps): update slsa-framework/slsa-github-generator action to v1.6.0 by @renovate in https://github.com/micronaut-projects/micronaut-validation/pull/121 ### Other Changes 💡 * Correct validation visitor + Gradle build by @dstepanov in https://github.com/micronaut-projects/micronaut-validation/pull/123 **Full Changelog**: https://github.com/micronaut-projects/micronaut-validation/compare/v4.0.0-M6...v4.0.0-M7
        
        created_at: 2023-05-16T15:35:24Z
        
        draft: False
        
        html_url: https://github.com/micronaut-projects/micronaut-validation/releases/tag/v4.0.0-M7
        
        id: 103184697
        
        mentions_count: 2
        
        name: Micronaut Validation v4.0.0-M7
        
        node_id: RE_kwDOHZ_5t84GJnk5
        
        prerelease: True
        
        published_at: 2023-05-16T15:39:59Z
        
        tag_name: v4.0.0-M7
        
        tarball_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/tarball/v4.0.0-M7
        
        target_commitish: master
        
        upload_url: https://uploads.github.com/repos/micronaut-projects/micronaut-validation/releases/103184697/assets{?name,label}
        
        url: https://api.github.com/repos/micronaut-projects/micronaut-validation/releases/103184697
        
        zipball_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/zipball/v4.0.0-M7
        
        repository:
        
        allow_forking: True
        
        archive_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/{archive_format}{/ref}
        
        archived: False
        
        assignees_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/assignees{/user}
        
        blobs_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/git/blobs{/sha}
        
        branches_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/branches{/branch}
        
        clone_url: https://github.com/micronaut-projects/micronaut-validation.git
        
        collaborators_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/collaborators{/collaborator}
        
        comments_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/comments{/number}
        
        commits_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/commits{/sha}
        
        compare_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/compare/{base}...{head}
        
        contents_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/contents/{+path}
        
        contributors_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/contributors
        
        created_at: 2022-05-27T14:15:54Z
        
        default_branch: master
        
        deployments_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/deployments
        
        description: Validation support for Micronaut
        
        disabled: False
        
        downloads_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/downloads
        
        events_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/events
        
        fork: False
        
        forks: 1
        
        forks_count: 1
        
        forks_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/forks
        
        full_name: micronaut-projects/micronaut-validation
        
        git_commits_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/git/commits{/sha}
        
        git_refs_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/git/refs{/sha}
        
        git_tags_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/git/tags{/sha}
        
        git_url: git://github.com/micronaut-projects/micronaut-validation.git
        
        has_discussions: False
        
        has_downloads: True
        
        has_issues: True
        
        has_pages: True
        
        has_projects: True
        
        has_wiki: True
        
        homepage:
        
        hooks_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/hooks
        
        html_url: https://github.com/micronaut-projects/micronaut-validation
        
        id: 497023415
        
        is_template: False
        
        issue_comment_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/issues/comments{/number}
        
        issue_events_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/issues/events{/number}
        
        issues_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/issues{/number}
        
        keys_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/keys{/key_id}
        
        labels_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/labels{/name}
        
        language: Java
        
        languages_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/languages
        
        license:
        
        key: apache-2.0
        
        name: Apache License 2.0
        
        node_id: MDc6TGljZW5zZTI=
        
        spdx_id: Apache-2.0
        
        url: https://api.github.com/licenses/apache-2.0
        
        merges_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/merges
        
        milestones_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/milestones{/number}
        
        mirror_url:
        
        0: None
        
        name: micronaut-validation
        
        node_id: R_kgDOHZ_5tw
        
        notifications_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/notifications{?since,all,participating}
        
        open_issues: 4
        
        open_issues_count: 4
        
        owner:
        
        avatar_url: https://avatars.githubusercontent.com/u/36880643?v=4
        
        events_url: https://api.github.com/users/micronaut-projects/events{/privacy}
        
        followers_url: https://api.github.com/users/micronaut-projects/followers
        
        following_url: https://api.github.com/users/micronaut-projects/following{/other_user}
        
        gists_url: https://api.github.com/users/micronaut-projects/gists{/gist_id}
        
        gravatar_id:
        
        html_url: https://github.com/micronaut-projects
        
        id: 36880643
        
        login: micronaut-projects
        
        node_id: MDEyOk9yZ2FuaXphdGlvbjM2ODgwNjQz
        
        organizations_url: https://api.github.com/users/micronaut-projects/orgs
        
        received_events_url: https://api.github.com/users/micronaut-projects/received_events
        
        repos_url: https://api.github.com/users/micronaut-projects/repos
        
        site_admin: False
        
        starred_url: https://api.github.com/users/micronaut-projects/starred{/owner}{/repo}
        
        subscriptions_url: https://api.github.com/users/micronaut-projects/subscriptions
        
        type: Organization
        
        url: https://api.github.com/users/micronaut-projects
        
        private: False
        
        pulls_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/pulls{/number}
        
        pushed_at: 2023-05-16T15:39:59Z
        
        releases_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/releases{/id}
        
        size: 2603
        
        ssh_url: git@github.com:micronaut-projects/micronaut-validation.git
        
        stargazers_count: 2
        
        stargazers_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/stargazers
        
        statuses_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/statuses/{sha}
        
        subscribers_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/subscribers
        
        subscription_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/subscription
        
        svn_url: https://github.com/micronaut-projects/micronaut-validation
        
        tags_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/tags
        
        teams_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/teams
        
        topics:
        
        trees_url: https://api.github.com/repos/micronaut-projects/micronaut-validation/git/trees{/sha}
        
        updated_at: 2023-03-15T18:41:43Z
        
        url: https://api.github.com/repos/micronaut-projects/micronaut-validation
        
        visibility: public
        
        watchers: 2
        
        watchers_count: 2
        
        web_commit_signoff_required: False
        
        sender:
        
        avatar_url: https://avatars.githubusercontent.com/u/66626?v=4
        
        events_url: https://api.github.com/users/graemerocher/events{/privacy}
        
        followers_url: https://api.github.com/users/graemerocher/followers
        
        following_url: https://api.github.com/users/graemerocher/following{/other_user}
        
        gists_url: https://api.github.com/users/graemerocher/gists{/gist_id}
        
        gravatar_id:
        
        html_url: https://github.com/graemerocher
        
        id: 66626
        
        login: graemerocher
        
        node_id: MDQ6VXNlcjY2NjI2
        
        organizations_url: https://api.github.com/users/graemerocher/orgs
        
        received_events_url: https://api.github.com/users/graemerocher/received_events
        
        repos_url: https://api.github.com/users/graemerocher/repos
        
        site_admin: False
        
        starred_url: https://api.github.com/users/graemerocher/starred{/owner}{/repo}
        
        subscriptions_url: https://api.github.com/users/graemerocher/subscriptions
        
        type: User
        
        url: https://api.github.com/users/graemerocher
        
        github_head_ref:
        
        github_ref: refs/tags/v4.0.0-M7
        
        github_ref_type: tag
        
        github_repository_id: 497023415
        
        github_repository_owner: micronaut-projects
        
        github_repository_owner_id: 36880643
        
        github_run_attempt: 1
        
        github_run_id: 4993945762
        
        github_run_number: 8
        
        github_sha1: 6dc9897c142bede45ae18907c8913d40e6f24061
    - metadata:
      - buildInvocationID: 4993945762-1
      - completeness:
        
        parameters: True
        
        environment: False
        
        materials: False
      - reproducible: False
    - materials:
      - 0:
        
        uri: git+https://github.com/micronaut-projects/micronaut-validation@refs/tags/v4.0.0-M7
        
        digest:
        
        sha1: 6dc9897c142bede45ae18907c8913d40e6f24061

Reports for Macaron checks

Check id	Check description	Slsa requirements	Justification	Result type
mcn_provenance_expectation_1	Check whether the SLSA provenance for the produced artifact conforms to the expected value.	Provenance conforms with expectations - SLSA Level 3	No policy defined for this repository.	UNKNOWN
mcn_build_as_code_1	The build definition and configuration executed by the build service is verifiably derived from text file definitions stored in a version control system.	Build as code - SLSA Level 3	The target repository uses build tool gradle to deploy: https://github.com/micronaut-projects/micronaut-validation/blob/52987896f5b38df0fef2926cdd295d85417b800a/.github/workflows/gradle.yml The build is triggered by: https://github.com/micronaut-projects/micronaut-validation/blob/52987896f5b38df0fef2926cdd295d85417b800a/.github/workflows/gradle.yml Deploy command: ['./gradlew', 'publishToSonatype', 'docs', '--no-daemon'] The status of the build can be seen at: https://github.com/micronaut-projects/micronaut-validation/actions/runs/4993981990	PASSED
mcn_build_script_1	Check if the target repo has a valid build script.	Scripted Build - SLSA Level 1	Check mcn_build_script_1 is set to PASSED because mcn_build_service_1 PASSED.	PASSED
mcn_build_service_1	Check if the target repo has a valid build service.	Build service - SLSA Level 2	Check mcn_build_service_1 is set to PASSED because mcn_build_as_code_1 PASSED.	PASSED
mcn_provenance_available_1	Check whether the target has intoto provenance.	Provenance - Available - SLSA Level 1 Provenance content - Identifies build instructions - SLSA Level 1 Provenance content - Identifies artifacts - SLSA Level 1 Provenance content - Identifies builder - SLSA Level 1	Found provenance in release assets: multiple.intoto.jsonl	PASSED
mcn_provenance_level_three_1	Check whether the target has SLSA provenance level 3.	Provenance - Non falsifiable - SLSA Level 3 Provenance content - Includes all build parameters - SLSA Level 3 Provenance content - Identifies entry point - SLSA Level 3 Provenance content - Identifies source code - SLSA Level 2	Successfully verified level 3: verify passed: build/repo/micronaut-validation-bom/4.0.0-M7/micronaut-validation-bom-4.0.0-M7.module,verify passed: build/repo/micronaut-validation-bom/4.0.0-M7/micronaut-validation-bom-4.0.0-M7.pom,verify passed: build/repo/micronaut-validation-bom/4.0.0-M7/micronaut-validation-bom-4.0.0-M7.toml,verify passed: build/repo/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7-javadoc.jar,verify passed: build/repo/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7-sources.jar,verify passed: build/repo/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7.jar,verify passed: build/repo/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7.module,verify passed: build/repo/micronaut-validation-processor/4.0.0-M7/micronaut-validation-processor-4.0.0-M7.pom,verify passed: build/repo/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7-javadoc.jar,verify passed: build/repo/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7-sources.jar,verify passed: build/repo/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7.jar,verify passed: build/repo/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7.module,verify passed: build/repo/micronaut-validation/4.0.0-M7/micronaut-validation-4.0.0-M7.pom	PASSED
mcn_version_control_system_1	Check whether the target repo uses a version control system.	Version controlled - SLSA Level 2	This is a Git repository: https://github.com/micronaut-projects/micronaut-validation	PASSED
mcn_trusted_builder_level_three_1	Check whether the target uses a trusted SLSA level 3 builder.	Hermetic - SLSA Level 4 Isolated - SLSA Level 3 Parameterless - SLSA Level 4 Ephemeral environment - SLSA Level 3	Could not find a trusted level 3 builder as a GitHub Actions workflow.	FAILED