syft icon indicating copy to clipboard operation
syft copied to clipboard

Published 20 hours ago verified publisher icon anchore

Provide a way to verify release integrity

Open wagoodman opened this issue 3 years ago • 0 comments

Today we have a checksum file + signature, however, we do not publish the key. We should either publish the key or replace this mechanism (maybe with a sigstore workflow).

wagoodman avatar Sep 14 '21 14:09 wagoodman