You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The security insights data file captures information about the state of the project at a particular commit that is, essentially, a set of claims about it.
I think the project should consider creating a json variant that can be used as a predicate for an ( @in-toto ) attestation. This would allow us to sign and embed the security insights file (for example in a @sigstore bundle) using the existing tooling from those ecosystems.
The text was updated successfully, but these errors were encountered:
The security insights data file captures information about the state of the project at a particular commit that is, essentially, a set of claims about it.
I think the project should consider creating a json variant that can be used as a predicate for an ( @in-toto ) attestation. This would allow us to sign and embed the security insights file (for example in a @sigstore bundle) using the existing tooling from those ecosystems.
The text was updated successfully, but these errors were encountered: