see the fields in https://docs.github.com/en/actions/security-for-github-actio...
the level of attestation you want (essentially bound to tpms) would probably be very difficult to provide given how all sorts of images run in a typical ci pipeline.