This commit is contained in:
9
docs/updates/2025-10-29-export-center-provenance.md
Normal file
9
docs/updates/2025-10-29-export-center-provenance.md
Normal file
@@ -0,0 +1,9 @@
|
||||
# 2025-10-29 – Export Center provenance/signing doc
|
||||
|
||||
## Summary
|
||||
- Authored `docs/export-center/provenance-and-signing.md`, covering manifest/provenance artefacts, cosign/SLSA signing pipeline, verification workflows (CLI/CI/offline), and compliance checklist.
|
||||
- Cross-linked the new guide from the docs index (`docs/README.md`) and referenced outstanding CLI automation (`CLI-EXPORT-37-001`) to keep verification guidance aligned with upcoming tooling.
|
||||
|
||||
## Follow-ups
|
||||
- [ ] Revisit once `CLI-EXPORT-37-001` lands to confirm command names/flags and update the verification section if necessary.
|
||||
- [ ] Sync with DevOps (`DEVOPS-EXPORT-37-001`) after dashboards/alerts ship to embed direct links in the failure handling section.
|
||||
Reference in New Issue
Block a user