Closed SantiagoTorres closed 1 year ago
adityasaky
commented
1 year ago I'm not sure where DSSE payload type is used but the in-toto one is currently documented in https://github.com/in-toto/attestation/blob/main/spec/README.md. Is that sufficient for now?
adityasaky
commented
1 year ago I think we are doing some of this in in-toto/attestation, with some improvements planned as well to address https://github.com/in-toto/attestation/issues/98.
cc @marcelamelara
Currently, cosign is using this:
https://github.com/sigstore/cosign/blame/b1e7ca2813ca42a38961f7fac51f130d2d3ec82c/pkg/types/payload.go#L19
I suggest we document these types somewhere so as to allow other applications to use the same.