Open ramonpetgrave64 opened 1 month ago
@slugclub
This is looking great, thanks so much for working on this. I have a few minor nits but overall it's looking good.
Thanks for the review! I was also looking into logging in https://github.com/slsa-framework/slsa-verifier/pull/772,
@slugclub thanks again. @ianlewis @laurentsimon , please take a look
cc @loosebazooka
@loosebazooka
This PR
./docs/Api-Library.md
Offline rekor verification already works so long as the provenance is a valid sigstore bundle, though we could consider adding an explicit option to enforce offline rekor verifification.
Fixes #493
Testing
./docs/Api-Library.md
Followups