pub fn collect_repo_dependency_signatures(
client: &GitHubClient,
owner: &str,
repo: &str,
reference: &str,
) -> EvidenceState<Vec<DependencySignatureEvidence>>Expand description
Collect dependency signature evidence for an entire repository at a given ref.
Uses the GitHub Git Tree API to discover all lock files across the repository
(including monorepo subdirectories), then fetches and parses each one.
Returns NotApplicable if no lock files exist anywhere in the tree.