GitHub takes aim at software supply chain security
Briefly

Artifact Attestations, based on Sigstore, creates a tamper-proof paper trail linking artifacts to their creation process, aiding in security and validity checks.
Verification is initially supported by the GitHub CLI and will extend to Kubernetes later. Signing uses temporary key pairs, which reduces PKI complexity.
Read at InfoWorld