Supply-chain Levels for Software Artifacts
Why do you think that https://github.com/sigstore/rekor is a good alternative to slsa
Supply-chain Levels for Software Artifacts
Why do you think that https://github.com/sigstore/rekor is a good alternative to slsa