pub fn to_artifact_attestations(
artifact: &str,
results: &[GhAttestationOutput],
subject_digest: Option<String>,
) -> Vec<ArtifactAttestation>Expand description
Convert parsed gh attestation verify results into core evidence types.
When both a local digest and an attestation-claimed digest are available,
the two are compared. A mismatch overrides the Verified outcome with
SignatureInvalid (the attestation does not cover the actual artifact).