Closed SurferJeffAtGoogle closed 1 year ago
AlanGreene
commented
1 year ago @SurferJeffAtGoogle the attestation is generated by the Tekton Chains project. You can find more information about it, including installation instructions on the parent page of the one you linked: https://tekton.dev/docs/chains/
tekton-robot
commented
1 year ago Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale with a justification.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/lifecycle stale
Send feedback to tektoncd/plumbing.
tekton-robot
commented
1 year ago Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/lifecycle rotten
Send feedback to tektoncd/plumbing.
tekton-robot
commented
1 year ago Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen with a justification.
Mark the issue as fresh with /remove-lifecycle rotten with a justification.
If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.
/close
Send feedback to tektoncd/plumbing.
tekton-robot
commented
1 year ago @tekton-robot: Closing this issue.
https://tekton.dev/docs/chains/intoto/
I see the example of the in-toto attestation for
file-SNAPSHOT.jar, but I can't figure out how to write a task spec that generates such an attestation.It would be incredibly helpful if the page also displayed the task spec that generated that attestation.