We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please consider adding SLSA provenance to your releases.
Some examples of using Github and goreleaser:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info: https://docs.sigstore.dev/signing/overview/
The text was updated successfully, but these errors were encountered:
Thanks for the suggestion. I am not opposed to this if you (or anyone else) would like to attempt a PR.
Sorry, something went wrong.
Thanks @joe-elliott , I am tied down with $work at the moment until (at least) July/August.
But if I get a chance I might experiment with a PR, I also see Github have just (2 May) announced something that might potentially simplify the process even further: https://github.blog/changelog/2024-05-02-artifact-attestations-public-beta/
Meanwhile, as you say, if anyone else wants to help...
No branches or pull requests
Please consider adding SLSA provenance to your releases.
Some examples of using Github and goreleaser:
https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-goreleaser
https://goreleaser.com/blog/slsa-generation-for-your-artifacts/#slsa-github-generator
Background info:
https://docs.sigstore.dev/signing/overview/
The text was updated successfully, but these errors were encountered: