Add options to create in-toto attestations as separate DBoM Assets #2
Description
Are you willing to contribute it (Yes/No): Yes
Describe the feature and the current behavior/state.
Currently the in-toto wrapper writes all of the attestation for each step as an update to the DBoM assets which means that for a long pipeline, the asset can grow very large. It would be good to support creating each steps attestation as a separate DBoM asset which are then attached to the overall asset.
Will this change the current API? How?
Yes, will add a flag that says how the attestations are stored.
Who will benefit with this feature?
Will help anyone with large pipelines from having extremely large DBoM assets.
Miscellaneous Information