You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In today's in-toto community call while discussing open ITE's we discussed it being useful for both adopters and maintainers to have a collection of different in-toto attestations that exist in the wild.
Some examples I know of:
SLSA provenance (v0.2) – designed to describe how a subject artefact was produced, with several opaque fields to be defined by buildType: invocation.parameters, invocation.environment and buildConfig
SLSA Verification Summary Attestation (VSA) – summarise verification of a number of SLSA attestations without a (trusting) user having to check, or even have access to, each attestation
In today's in-toto community call while discussing open ITE's we discussed it being useful for both adopters and maintainers to have a collection of different in-toto attestations that exist in the wild.
Some examples I know of:
invocation.parameters,invocation.environmentandbuildConfig