You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I read through the SLSA provenance and it doesn't look like we can implement anything above SLSA1 because our builds are done using Azue Dev Ops. However, all our release files are signed using Microsoft approved signing.
Also, we are looking into adding our containers to Microsoft Container Registry which has its own strict processes to ensure supply chain integrity.
Is there something else that you were thinking of?
Feature request type
enhancement
Is your feature request related to a problem? Please describe
Thank you for your work on garnet.
However, given the nature of the modern world we live in, it would be nice if you could add SLSA provenance to your releases.
Describe the solution you'd like
Add SLSA provenance to your releases.
This could be through Sigstore keyless signing, Github artifact attestations or any other method.
Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: