bdehamer
commented
5 months ago @Forrin Thanks for the PR! We actually have some work in progress to support multi-subject attestations but first need to roll-out some changes to our attestation store.
I'll revisit this when we have all of the prerequisites deployed but until then we can't merge this as it will result in attestations which are incompatible with the GH attestations API.
This change will add support for handling multiple subjects. It's a fairly minor change that will enable attaching many subjects to a single attestation. This could be useful for a variety of situations, such as using the gitcommit and the artifact as subjects. Overall any predicate that references multiple subjects will need this.