Currently, we read the known VEX data for a project from a simple file. At some point I think we should store it in the registry using a schema that makes it easy to find to update and use when attesting. @jdolitsky thinks we should use the new OCI Reference Types and I'm down for it.
Currently, we read the known VEX data for a project from a simple file. At some point I think we should store it in the registry using a schema that makes it easy to find to update and use when attesting. @jdolitsky thinks we should use the new OCI Reference Types and I'm down for it.