Zahid Ur Rehman
Zahid Ur Rehman
Related Blog Post https://docs.google.com/document/d/1cYljGmkCXNLs6mF__ClDl7zGrmV3zoEF2n12cSaVZjk/edit#heading=h.7utel6eaz6nx
Related Blog Post https://docs.google.com/document/d/1cYljGmkCXNLs6mF__ClDl7zGrmV3zoEF2n12cSaVZjk/edit#heading=h.7utel6eaz6nx
@chipzoller Can you help why these checks are failing?
@chipzoller Can you comment on the latest update?
> Note that we workflow only outputs a single attestation, and it has the attestation for all the artifacts you pass in base64-subjects. @laurentsimon I am calling the slsa generic...
Additionally, it will be also helpful if you can tell me how I can decode(command) the attestation.intoto.jsonl file?
slsa-verifier gives an error when I don't provide `-artifact-path`?
Thanks @ianlewis @laurentsimon for useful info, some questions: 1) Can we use container generators for offical use? As release data is in sep and milestone progress is yet in intial...
> You should use the verifier https://github.com/slsa-framework/slsa-verifier to verify the provenance. I encourage you to change the binary / provenance file and you will see that verification will fail. You...