laurentsimon
commented
2 years ago sidenote: think about https://github.com/slsa-framework/slsa-github-generator/issues/684 when building this builder.
Also think about the SBOM generated by ko, and try to include these in the final attestation. (Probably not needed for first implementation)
Can use the PoC I created https://github.com/laurentsimon/slsa-github-generator-ko It should not be too difficult.