Skip to content

feat: Add provenance verification for plugins#9

Open
vijayCarta wants to merge 4 commits intomainfrom
provenance-check
Open

feat: Add provenance verification for plugins#9
vijayCarta wants to merge 4 commits intomainfrom
provenance-check

Conversation

@vijayCarta
Copy link
Copy Markdown
Contributor

@vijayCarta vijayCarta commented Apr 1, 2026

Summary

  • Adds provenance check that runs on PRs touching plugins/**
  • Verifies each changed plugin exists in carta/claude-marketplace main branch
  • Verifies plugin passed security scanning (checks security-manifest.json)
  • Verifies content integrity via SHA-256 hash comparison

Changes Made

  • .github/scripts/verify-provenance.py — Python 3.12 provenance verifier (3 checks: exists, passed, hash match)
  • .github/workflows/provenance-check.yml — Workflow triggered on PRs with plugins/** changes

Dependencies

  • Requires carta/claude-marketplace security scan pipeline to be merged first (generates the manifest this workflow reads)

Test plan

  • Open PR adding a plugin that exists in claude-marketplace → verify provenance passes
  • Open PR adding a plugin NOT in claude-marketplace → verify it fails with clear error
  • Modify plugin content after copying from marketplace → verify hash mismatch is caught

🤖 Generated with Claude Code

@vijayCarta @claude
feat: Add provenance verification for plugins
6bf7406 
Verifies that plugins published to this public repo first exist in the
internal claude-marketplace and have passed security scanning. Checks
existence, security status, and content hash integrity.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@vijayCarta vijayCarta requested a review from a team as a code owner April 1, 2026 03:59
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 1, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA ac79e54.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/provenance-check.yml

PackageVersionLicenseIssue Type
actions/checkout4.*.*NullUnknown License
actions/setup-python5.*.*NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 4.*.* 🟢 6
Details
CheckScoreReason
Maintained⚠️ 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
SAST🟢 8SAST tool detected but not run on all commits
actions/actions/setup-python 5.*.* 🟢 5.2
Details
CheckScoreReason
Maintained⚠️ 23 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9

Scanned Files

  • .github/workflows/provenance-check.yml

vijayCarta and others added 3 commits April 1, 2026 10:44
@vijayCarta @claude
fix: Align _should_exclude with marketplace generator
3001594 
Match the exact exclusion logic from generate-security-manifest.py:
- Use HASH_EXCLUDE_DIRS for directory-level exclusions only
- Check .pyc via suffix, .DS_Store via file name (not as path parts)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@vijayCarta @claude
fix: Use repository variable for internal repo name
a767f06 
Move internal marketplace repo reference to a GitHub Actions
repository variable (PROVENANCE_REPO) instead of hardcoding it.
Reduces information disclosure per security review.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@vijayCarta @claude
chore: Add Apache 2.0 license
ac79e54 
Aligns with Anthropic's enterprise plugin pattern (knowledge-work-plugins)
and Carta's existing Apache 2.0 repos. Addresses security review item #5.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saada saada saada approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vijayCarta @saada