Description:
Update the slsa-maven-plugin to ensure SLSA provenance data is generated correctly for all modules in a multi-module Maven project.
Sample SLSA provenance data structure for a multi-module Maven project:

```json
{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [
    {
      "name": "core.jar",
      "digest": {
        "sha256": "<sha-for-core.jar>"
      }
    },
    {
      "name": "service.jar",
      "digest": {
        "sha256": "<sha-for-service.jar>"
      }
    },
    {
      "name": "webapp.war",
      "digest": {
        "sha256": "<sha-for-webapp.war>"
      }
    }
  ],
  "predicateType": "https://slsa.dev/provenance/v1",
  "predicate": {
    "buildDefinition": {
      "resolvedDependencies": [
        <roll up of all the dependencies between the parent and sub-modules>
      ],
      ...
    },
    ...
  }
  ...
}
```
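A coverage check for the structure above, as an added example that is not part of the issue or of the slsa-maven-plugin code base: it hashes each module's `target/` output and compares the result with the statement's `subject` list. The function names, the `<module>/target/` layout, the `.jar`/`.war` filter and the constructed sample project are assumptions, and artifact file names are assumed to be unique across modules.

```python
import hashlib
import tempfile
from pathlib import Path

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PREDICATE_TYPE = "https://slsa.dev/provenance/v1"
ARTIFACT_SUFFIXES = {".jar", ".war"}  # assumption: packaging types in the sample

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def module_artifacts(project_root):
    """Map artifact file name -> sha256 for every <module>/target/ output."""
    found = {}
    for path in sorted(Path(project_root).rglob("target/*")):
        if path.is_file() and path.suffix in ARTIFACT_SUFFIXES:
            found[path.name] = sha256_file(path)
    return found

def check_coverage(statement, artifacts):
    """Return a sorted list of problems; an empty list means full coverage."""
    problems = []
    types = (statement.get("_type"), statement.get("predicateType"))
    if types != (STATEMENT_TYPE, PREDICATE_TYPE):
        problems.append("unexpected _type or predicateType")
    subjects = {s.get("name"): s.get("digest", {}).get("sha256")
                for s in statement.get("subject", [])}
    for name, digest in artifacts.items():
        if name not in subjects:
            problems.append(f"missing subject: {name}")
        elif subjects[name] != digest:
            problems.append(f"digest mismatch: {name}")
    for name in subjects.keys() - artifacts.keys():
        problems.append(f"subject without built artifact: {name}")
    return sorted(problems)

def build_sample_project(root):
    """Constructed layout: three modules with placeholder artifact bytes."""
    for module, artifact in [("core", "core.jar"), ("service", "service.jar"),
                             ("webapp", "webapp.war")]:
        target = Path(root, module, "target")
        target.mkdir(parents=True)
        (target / artifact).write_bytes(f"constructed {artifact}".encode())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_project(root)
        built = module_artifacts(root)
        # Constructed statement listing only core.jar, to show incomplete coverage.
        partial = {"_type": STATEMENT_TYPE, "predicateType": PREDICATE_TYPE,
                   "subject": [{"name": "core.jar", "digest": {"sha256": built["core.jar"]}}]}
        print(check_coverage(partial, built))
```

Run against a real build, `module_artifacts` takes the reactor root and `check_coverage` takes the parsed provenance statement; an empty result means every module artifact is a subject with a matching digest.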