# OpenSSF Baseline Framework Definition
# Declarative configuration for OSPS v2025.10.10 compliance controls
#
# This file defines all 62 controls across 3 maturity levels.
# Users can override settings via .baseline.toml in their repository.
[metadata]
name = "openssf-baseline"
display_name = "OpenSSF Baseline"
version = "0.1.0"
{
"project_name": "Test OpenSSF Baseline",
"repository": "https://github.com/mlieberman85/test-baseline",
"steps": [
{
"id": "create-security-branch",
"action_name": "create-branch",
"params": {
"branch_name": "add-security-baseline-docs"
},
# SPDX-License-Identifier: Apache-2.0
mappings:
- id: "openssf-baseline-remediation"
reason: "Apply OpenSSF Baseline security best practices based on Privateer findings"
condition: "true" # Base condition always true, but individual steps have specific conditions
steps:
- id: "create-security-branch"
action: "create-branch"
parameters:
Querying domain: whiskey.foundation
Querying TXT record for: _chainsights.whiskey.foundation
Traversing from root URI: https://raw.githubusercontent.com/whiskeytastingfoundation/chainsights/refs/heads/main/chainsights.jsonl with expected identity: mlieberman85@gmail.com
Parsed essential bundle data.
Decoded payload (839 bytes).
Constructed PAE data (882 bytes).
Prepared PEM certificate string.
Calling Client::verify_blob with PAE data...
Cryptographic signature verified successfully!
Inspecting certificate identity...
# Ecosystem-aware string contract: the checked value must mention "artifact"
# and the package tool of the selected language ("npm" or "cargo").
let language = "javascript" in
# Builds a contract that passes only when `needle` occurs in the checked
# string (std.string.contains takes the needle first, so partial
# application yields the predicate directly).
let Mentions = fun needle =>
  std.contract.from_predicate (std.string.contains needle)
in
let CommonContract = Mentions "artifact" in
let EcosystemContract =
  if language == "javascript" then
    Mentions "npm"
  else
    Mentions "cargo"
in
let data = "npm run artifact" in
# Both contracts are applied in sequence to the same value.
data | std.contract.Sequence [CommonContract, EcosystemContract]
mlieberman85 / slsa_provenance_v01_oapi.json
OpenAPI type definition of SLSA
{
"title": "InTotoStatementV1_for_SLSAProvenanceV1Predicate",
"description": "Represents an In-Toto v1 statement.",
"type": "object",
"required": [
"_type",
"predicate",
"predicateType",
"subject"
],
TypeSpace {
next_id: 23,
definitions: {
"BuildDefinition": Object(
SchemaObject {
metadata: Some(
Metadata {
id: None,
title: None,
description: Some(
package schema
import (
"time"
)
#Subject: {
name: string
digest: #DigestSet
}
// You can edit this code!
// Click here and start typing.
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"fmt"
"math/big"
"reflect"
// SLSA Graph
digraph "slsa-graph" {
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" [label="ibm-sw-tpm2-1661"]
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" -> "05bd12b620b2c90b455bb76962045e704a027181ead3833aa9773a7ae9bddaea"
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" -> "23daf1a1401858e4562e6aa61166712072a1f193942dd2478eef5513ddc9d2fb"
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" -> "2a32dcb5fac84e74f5bb62a9e8f7698e9367fd00e3a2b8b82163309c2025c049"
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" -> "51858393c5698aba2e7c4e2832054a6985ab3eeda5db7373db5627d0acceefa8"
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" -> "616f319fa34b40faf4dab6566abd3adc69fa1d79c7f96e2ed7b9cbda1ac61d2b"
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517" -> acdeaa5cdbfb13fd590a628dc0b6a07ee25c464bedec941bac90715cacc33c2e
"007cf2405a4e987bad136cbf2b1e3882c28768562a29628c070e4d57f560f517