Consider naming the generated attestation file attestation.intoto.json or allow users to configure it #62
Labels: feature-request (New feature or request)
This would make it slightly easier for projects to comply with OSSF's Scorecard: https://github.com/ossf/scorecard/blob/7ce8609469289d5f3b1bf5ee3122f42b4e3054fb/docs/checks.md#signed-releases.
The alternative at the moment is for users to override the asset name the file is uploaded with to the release.
I can start a PR if y'all like the idea. If we make it configurable, we'd probably want to follow up with a corresponding PR in actions/attest-build-provenance.