docs(getting-started): add information about slsa attestor

in-toto / witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

https://witness.dev

Apache License 2.0

415 stars 59 forks source link

docs(getting-started): add information about slsa attestor #456

Closed rrey closed 6 months ago

rrey commented 6 months ago

What this PR does / why we need it

This PR results in a short discussion on Slack.

The Provenance being the very first requirement from SLSA, it seems quite appropriate to mention how Witness helps achieve this easily.

Acceptance Criteria Met

[ ] Docs changes if needed
[ ] Testing changes if needed
[ ] All workflow checks passing (automatically enforced)
[ ] All review conversations resolved (automatically enforced)
[ ] DCO Sign-off

Special notes for your reviewer:

netlify[bot] commented 6 months ago

Deploy Preview for witness-project ready!

Name	Link
Latest commit	5c1c1f10c89d516e3ebf03655bfe6b75593ab3a8
Latest deploy log	https://app.netlify.com/sites/witness-project/deploys/665aa8c6f46a7a00080717d0
Deploy Preview	https://deploy-preview-456--witness-project.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.