实现示例type Attestation = { level: 1 | 2 | 3 | 4; builderId: string; materials: string[]; provenance?: string } function validBuilder(id: string): boolean { return /^https:\/\/[A-Za-z0-9_.\-]+\/[A-Za-z0-9_.\-]+$/.test(id) } function meets(a: Attestation, required: 1 | 2 | 3 | 4): boolean { if (!validBuilder(a.builderId)) return false if (a.level < required) return false if (required >= 3 && (!a.provenance || a.materials.length === 0)) return false return true } function gate(a: Attestation, required: 1 | 2 | 3 | 4): { ok: boolean; errors: string[] } { const errors: string[] = [] if (!meets(a, required)) errors.push('slsa-level') return { ok: errors.length === 0, errors } } 审计与发布治理审计构建等级与来源;未达标阻断并提供达标清单与步骤建议。等级策略变更需审批与归档。
投稿
微信公众账号
微信扫一扫加关注
评论 返回
顶部
发表评论 取消回复