search

trailofbits / pypi-attestations

A library to convert between Sigstore Bundles and PEP 740 Attestation objects
https://trailofbits.github.io/pypi-attestations
Apache License 2.0
1 stars 1 forks source link

Switch to in-toto statements #18

Closed woodruffw closed 4 months ago

woodruffw commented 4 months ago

Experimental. Haven't changed the tests yet, either.

See: https://github.com/python/peps/pull/3768

woodruffw commented 4 months ago

Moving forwards with this for now; can be reverted as a single commit if we need to.