dependency-track
Adding a Sigstore indicator to dependencies
Proposed Behavior:
Issue to explore Dependency-Track being able to indicate whether a dependency has a Sigstore signature detected, to better assess the cyber risk of the software supply chain.
See also: https://github.com/CycloneDX/specification/issues/155