peczenyj / GDPR-IAB-TCFv2

96%

main: 96%

LAST BUILD ON BRANCH devel

branch: SELECT

CHANGE BRANCH

x

• No branch selected
• add-range-section-cache
• add-support-to-publisher-tc
• chore/adopt-mojolicious-perltidyrc
• chore/cmp-validator-version-coherence
• chore/compress-test-corpus
• chore/contributor-quality-of-life
• chore/declare-min-perl-5.8.9
• chore/dockerfile-perl-5.42-recommends
• chore/maintenance-mode-handover
• chore/normalize-pod-abstracts
• chore/pod-and-message-cleanup
• chore/remove-json-array-flag
• chore/structural-json-asserts
• devel
• docs/registry-freshness-roadmap
• docs/slsa-level-2
• docs/track-phase-5-cmp-validator
• feat/cli-bundling
• feat/cli-cmp-validator-integration
• feat/cli-color-support
• feat/cli-dump
• feat/cli-short-help-and-unknown-subcommand
• feat/cli-version
• feat/cmp-validator-http-options
• feat/docker-distribution
• feat/docker-latest-tag
• feat/golden-corpus-validator-scenarios
• feat/is-v23-deadline-investigation
• feat/parser-split-and-shortcut
• feat/perf-optimizations
• feat/perl-5.10
• feat/perl-5.12
• feat/phase-0-core-logic
• feat/phase-1-tcf-v23-segments
• feat/phase-1-v23-logic
• feat/phase-2-validator
• feat/phase-2-validator-v2
• feat/phase-3-alignment
• feat/phase-3-constants-v23-aliases
• feat/phase-4-bench-and-perf
• feat/phase-4-performance
• feat/phase-5-cmp-validator
• feat/phase-5-cmp-validator-redux
• feat/phase-6.1-validator-reason
• feat/phase-6.2-validator-failure
• feat/phase-6.3-tcf-carve-out
• feat/phase-6.4-publisher-restriction-reasons
• feat/phase-6.5-per-call-overrides
• feat/quality-refinement
• feat/roadmap-modernization
• feat/slsa-level-1
• feat/test-synopsis
• feat/todo-validator-strict-legal-basis-coupling
• feat/todo-validator-strict-legal-basis-scope
• feat/validator-go-alignment
• fix-but-index-out-of-bonds-while-parsing-range-based-consent-strings
• fix/bigint-fallback-json-serialization
• fix/cli-concise-errors
• fix/cli-error-formatting
• fix/cli-vendor-id-shadowed-by-version
• fix/final-review-refinements
• fix/golden-mem
• fix/json-regex-key-order-tests
• fix/optional-cmp-deps
• fix/perl-5.8-defined-or-syntax
• fix/pod-files-installed-as-modules
• fix/post-release-audit
• fix/publisher-restrictions-boundary-check
• fix/release-workflow
• fix/restore-cli-version-option
• fix/restore-pause-indexation-v0.401
• fix/uint36-timestamp-32bit-perl
• fix/use-test-warn
• fix/vendor-segment-parser-cleanup
• main
• refactor-publisher-restrictions
• refactor-range-section
• refactor/cmp-validator-rename
• refactor_bitfield
• release/0.100
• release/0.200
• release/0.350
• release/0.380
• release/0.400
• release/0.401
• release/0.510
• release/0.511
• release/0.512
• release/0.520
• release/v0.083
• release/v0.400
• v0.06
• v0.07
• v0.08
• v0.081
• v0.082
• v0.083
• v0.084
• v0.100
• v0.200
• v0.201
• v0.202
• v0.203
• v0.300
• v0.320
• v0.330
• v0.340
• v0.350
• v0.351
• v0.352
• v0.360
• v0.370
• v0.380
• v0.390
• v0.391
• v0.400
• v0.401
• v0.500
• v0.510
• v0.511
• v0.512
• v0.520
• vv0.083

Build # 26045314231

Build Type

push

github

Committed by web-flow

Commit Message

docs: claim SLSA Build Level 2 (#137)

* docs: claim SLSA Build Level 2

The release pipeline already satisfies Build L2: it runs on a hosted
build platform (GitHub-hosted runners) and emits provenance signed via
Sigstore with an identity bound to the release workflow. v0.520 was the
first release to produce these signed attestations for both the CPAN
tarball and the Docker image, so the SECURITY.md claim is updated from
Build Level 1 to Build Level 2.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: add SLSA Build Level 2 badge to README

Add an SLSA badge to the POD badge block in lib/GDPR/IAB/TCFv2.pm and
regenerate README.md. There is no official SLSA badge service, so this
uses a static shields.io badge linking to slsa.dev, consistent with the
SECURITY.md Build Level 2 claim.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: point SLSA badge at the GitHub attestations page

Link the badge to the repository's attestations listing so a reader can
go straight to the signed build provenance.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

Coverage Stats

1176 of 1221 relevant lines covered (96.31%)

25292.33 hits per line