This allows developers to sign CI artifacts, and for users to attest their origin locally. This proves the origin of a CI build and that it hasn't been tampered with, providing more security to users when testing new features.
This should be trivial to support, so implement when I got the time
https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/
This allows developers to sign CI artifacts, and for users to attest their origin locally. This proves the origin of a CI build and that it hasn't been tampered with, providing more security to users when testing new features.
This should be trivial to support, so implement when I got the time