v0.15.0
Added
- SLSA build provenance for releases. Each release now publishes signed build provenance
attestations for its archives andchecksums.txt(GitHubattest-build-provenance), so you
can verify where and how a binary was built:
gh attestation verify draugr_<ver>_<os>_<arch>.tar.gz --repo draugr-dev/draugr. This is on
top of the existing cosign-signed checksums and SBOMs.