You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
fwiw actions/attest-build-provenance can produce an in-toto JSON file that can be uploaded to the release with a *.intoto.jsonl asset name, so this is already kinda supported.
Is your feature request related to a problem? Please describe.
As seen in https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/.
Describe the solution you'd like
Check artifact signatures in a repo's
https://github.com/<org>/<repo>/attestations
URL.Describe alternatives you've considered
Continue using the current Signed Releases check.
Additional context
The text was updated successfully, but these errors were encountered: