| ▲ | dsp_person 4 hours ago | |
Thanks that's interesting. The docs are aimed at developers, but I'm curious about the use case for the end user. So would a user have to do some kind of `gh attestation verify PATH/TO/YOUR/BUILD/ARTIFACT-BINARY ...`? (assuming the plugin dev provides an sbom?) | ||
| ▲ | kepano 4 hours ago | parent [-] | |
In the near term artifact attestation will be visible to users in the directory, and part of the overall scorecard of a plugin. | ||