Open krol3 opened 2 years ago
Hi @krol3, Thank you for your feedback Chain-bench can easily implement a pipeline instructor for signing 2.4.1:
we already implement a parser for the pipeline steps and have shared functionality to validate against a few actions as you can see here
We welcome and loved to get this contribution, Let me know if you wish to push it
Mor
@morwn yeah! I would like to push it! added this validation
Does chain-bench recognize code signing tools like sigstore (cosign, fulcio, rekor)?