Open andrew-m-leonard opened 23 hours ago
Architect a "Verified Reproducible Build Attestation".
Some useful links:
@tellison @smlambert fyi
Also:
Sigstore seems to be a center of gravity in the secure supply chain processes. We should seriously consider using the formats supported by Rekor to be able to use that infrastructure downstream.