Add support for verifying dsse-intoto by loosebazooka · Pull Request #855 · sigstore/sigstore-java

Dec 18, 2024

@loosebazooka

- Verification should be able to correctly validate a bundle as
  cryptographically valid (VerificationOptions.empty())
- Verifiers may also include signer identity during verification
- Verifiers should extract the embedded attestation to do further
  analysis on the attestation. Sigstore-java does not process
  those in any way
- There are no signing options for DSSE bundles

Signed-off-by: Appu Goundan <appu@google.com>
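
The third bullet leaves handling of the embedded attestation to the caller. The following is an added example, not code from this PR or from sigstore-java: a Python sketch (standard library only) of that follow-up step, which decodes the in-toto statement from a DSSE envelope whose signature has already been verified and checks that it names the artifact. The function names, the sample envelope, the artifact bytes and the chosen predicate type are constructed for illustration.

```python
import base64
import hashlib
import json

INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"
STATEMENT_TYPES = {
    "https://in-toto.io/Statement/v0.1",
    "https://in-toto.io/Statement/v1",
}


def statement_for_artifact(envelope, artifact, expected_predicate_type):
    """Return the in-toto statement from an already-verified DSSE envelope.

    Raises ValueError unless the statement is well-typed, carries the expected
    predicate type, and lists the artifact's SHA-256 among its subjects.
    """
    if envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
        raise ValueError("payloadType is not an in-toto statement")
    # Assumption: payload is standard base64, as in a Sigstore bundle's JSON form.
    raw = base64.b64decode(envelope.get("payload", ""), validate=True)
    statement = json.loads(raw)
    if not isinstance(statement, dict) or statement.get("_type") not in STATEMENT_TYPES:
        raise ValueError("unknown statement _type")
    if statement.get("predicateType") != expected_predicate_type:
        raise ValueError("unexpected predicateType")
    digest = hashlib.sha256(artifact).hexdigest()
    for subject in statement.get("subject", []):
        if subject.get("digest", {}).get("sha256", "").lower() == digest:
            return statement
    raise ValueError("no subject digest matches the artifact")


def sample_envelope(artifact, predicate_type):
    """Constructed sample envelope; the signature is a placeholder, not checked here."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "sample.bin",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": predicate_type,
        "predicate": {},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return {"payloadType": INTOTO_PAYLOAD_TYPE, "payload": payload,
            "signatures": [{"sig": "PLACEHOLDER"}]}


if __name__ == "__main__":
    artifact = b"constructed sample artifact\n"
    ptype = "https://slsa.dev/provenance/v1"
    print(statement_for_artifact(sample_envelope(artifact, ptype), artifact, ptype)["subject"])
```

The subject digest check is what ties the signed statement to the file in hand; without it, a validly signed attestation for a different artifact would pass.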

patflynn