Closed SurferJeffAtGoogle closed 1 year ago
@SurferJeffAtGoogle the attestation is generated by the Tekton Chains project. You can find more information about it, including installation instructions on the parent page of the one you linked: https://tekton.dev/docs/chains/
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen
with a justification.
/lifecycle stale
Send feedback to tektoncd/plumbing.
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen
with a justification.
/lifecycle rotten
Send feedback to tektoncd/plumbing.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
with a justification.
Mark the issue as fresh with /remove-lifecycle rotten
with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen
with a justification.
/close
Send feedback to tektoncd/plumbing.
@tekton-robot: Closing this issue.
https://tekton.dev/docs/chains/intoto/
I see the example of the in-toto attestation for
file-SNAPSHOT.jar
, but I can't figure out how to write a task spec that generates such an attestation.It would be incredibly helpful if the page also displayed the task spec that generated that attestation.