📄️ Attestations
Software attestations are emerging as a key verifiable control for software supply chain security, and are essential for US government vendors to meet Executive Order 14028 requirements. Producing accurate software attestations that conform to existing formats (like in-toto) and criteria set by widely accepted frameworks (like SLSA) will improve the integrity of your software and its composing artifacts, and secure your software supply chain.