Story (Required)

Include resource verification status in Chains-generated SLSA provenance attestations.

Background (Required)

<Describes the context or background related to this story>

Out of scope

<Defines what is not included in this story>

Approach (Required)

• Extended provenance schema with verification fields
• Capture of verification results during execution
• Policy information in provenance
• Verification timestamp recording
• Updated SLSA format handlers

Dependencies

<Describes what this story depends on. Dependent Stories and EPICs should be linked to the story.>

Acceptance Criteria (Mandatory)

• Provenance includes verification status for all resources
• Shows which VerificationPolicy was applied
• Records verification timestamp
• Indicates pass/fail/skip status
• Schema validation tests pass

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

Legend

Unknown

Verified

Unsatisfied

Done Checklist

• Code is completed, reviewed, documented and checked in
• Unit and integration test automation have been delivered and running cleanly in continuous integration/staging/canary environment
• Continuous Delivery pipeline(s) is able to proceed with new code included
• Customer facing documentation, API docs etc. are produced/updated, reviewed and published
• Acceptance criteria are met