laurentsimon

I've thought about it a little more. I think we should have these pre-release checks. Otherwise, we may release a version that internally calls an older version; and even if...

/cc @andrewpollock

If we could share the Options between the cli and service, it would also be nice.

Friendly ping for review. @SantiagoTorres @marcelamelara

@adityasaky as well, thanks

Marcela pointed me to @in-toto/attestation-maintainers. I would like a review, thanks

Thanks for the response. See comments inline. > Thanks for this PR @laurentsimon ! I think it would be really helpful to more clearly describe the intent and focus of...

> We have also been looking at deployment attestations, however in a step of the supply chain that is before the admission controller. We are mainly looking in the context...

> Interesting idea, but perhaps unnecessary if we simply allow deployment environments themselves to choose what artifacts they would run by filtering on policies. These policies may be specified in...

> > One example is deploying on K8s via Helm. We would like to resolve all the image tags to digests before calling the K8s API and capture that event...