Initial verifiable builds docs #239
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MadelineAu
requested review from
MC1823315,
NimaVaziri,
afkbyte,
antojoseph,
dabit3,
mmurrs,
non-fungible-nelson,
scotthconner and
shrimalmadhur
as code owners
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Chris-Moller
reviewed
Jan 6, 2026
| sidebar_position: 5 | ||
| --- | ||
|
|
||
| Verifiable builds provide cryptographic proof of the source code and build process for EigenCompute applications. EigenCompute verifiable builds |
Contributor
There was a problem hiding this comment.
Make it clear they are linked: "Verifiable builds provide cryptographic proof linking the source code and build process..."
|
|
||
| When submitting a build with dependencies, provenance is validated and dependency digests are recorded in the build's SLSA provenance. | ||
|
|
||
| The EigenCompute TLS and KMS clients are prebuilt and the digests included in all EigenCompute applications. |
Contributor
There was a problem hiding this comment.
In the Read me of the EigenCompute containers repo you can see the official digests there that we keep up to date. Maybe just link to those here?
|
|
||
| EigenCompute applications with dependencies other than the TLS and KMS clients must submit those verifiable builds and include | ||
| the dependency's image digest when verifiably building the application. | ||
|
|
Contributor
There was a problem hiding this comment.
I think we should include the Google SLSA Providence public key that we use to verify everything? And possibly link out to Google's documentation on SLSA provenance.
Collaborator
Author
There was a problem hiding this comment.
Yep - I need to add another topic for 'how to verify' and include those.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.