kepano 5 hours ago
The recommended way to do this is via artifact attestation: https://docs.github.com/en/actions/how-tos/secure-your-work/...

dsp_person 4 hours ago
Thanks, that's interesting. The docs are aimed at developers, but I'm curious about the use case for the end user. So would a user have to do some kind of `gh attestation verify PATH/TO/YOUR/BUILD/ARTIFACT-BINARY ...`? (assuming the plugin dev provides an sbom?)