Support the `.sigstore` bundle extension
edgarrmondragon opened this issue · comments
Edgar Ramírez Mondragón commented
Is your feature request related to a problem? Please describe.
The scorecard GH action is detecting that my last 5 releases don't have signed artifacts, though they do have .sigstore
bundles.
Describe the solution you'd like
The .sigstore
extension should flag a signed artifact.
Describe alternatives you've considered
Can't think of any 😅
Additional context
laurentsimon commented
Good catch. Done in #3773