Open udf2457 opened 2 months ago
Please add SLSA provenance to your releases.
It is quick and easy to do on on Github:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info: https://docs.sigstore.dev/signing/overview/
With the new Artifact Attestation support from GitHub this should be fairly trivial to add. I can take a look on this.
Please add SLSA provenance to your releases.
It is quick and easy to do on on Github:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info: https://docs.sigstore.dev/signing/overview/