We need to write an action to enable attesting an image right after building new container images.
The idea is that you can add a step to any pipeline that builds images. It should read known vex data from the golden sample, create an attestation, sign it and attach it to the newly create image.
We need to write an action to enable attesting an image right after building new container images.
The idea is that you can add a step to any pipeline that builds images. It should read known vex data from the golden sample, create an attestation, sign it and attach it to the newly create image.