Provide in-toto badges
lukpueh opened this issue · comments
Projects that are in-toto secured should be able to include an in-toto badge on their website/GitHub page. We still have to discuss what exactly that means. This is related to providing a dynamic and custom list of guarantees.
See shields.io for example badges.
In order to provide badges that display the supply chain + verification results, we would need access to a project's final products, i.e. target files, signed layout, signed link files and project owner public keys. To me this feels a lot like a separate service/platform.
If I understand correctly this is also closely related to the in-toto bundling issue.