go-witness icon indicating copy to clipboard operation
go-witness copied to clipboard

Published 20 hours ago verified publisher icon in-toto

feat: Add lockfile attestor

Open fkautz opened this issue 4 months ago • 0 comments

This commit introduces a new lockfiles attestor to capture and attest the contents of common lockfiles in the project. The changes include:

  • Add new file attestation/lockfiles/lockfiles.go implementing the lockfiles attestor
  • Update imports.go to include the new lockfiles package

The lockfiles attestor captures contents of various lockfiles such as Gemfile.lock, package-lock.json, yarn.lock, and others. It stores the information in a slice of LockfileInfo structs, allowing for flexible handling of multiple lockfiles.

This feature enhances the project's capability to track and verify dependency information as part of the attestation process."

fkautz avatar Oct 08 '24 03:10 fkautz