pub fn verify_repo(
    client: &GitHubClient,
    owner: &str,
    repo: &str,
    reference: &str,
    policy: Option<&str>,
    with_evidence: bool,
) -> Result<VerificationResult>
Verify repository-level dependency signatures at a given ref.
Scans for lock files (Cargo.lock, package-lock.json) at the specified reference and evaluates dependency signature evidence.
Only evaluates dependency-related controls (not PR or build controls) to avoid noisy NotApplicable results.