in-toto / witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
https://witness.dev
Apache License 2.0

Remove attestors #254

Closed colek42 closed 1 year ago

colek42 commented 1 year ago

The SBOM, syft, and scorecard do not really fit well into our attestation model.

We should remove them for now and replace them with output attestations.