Release History

[NEW] SLSA Verification Summary Attestations: Full implementation of SLSA v1.2 Verification Summary attestations, automatically generated from policy scan results to provide cryptographically verifiable evidence of policy compliance.

[NEW] Policy Loading Improvements: Enhanced YAML policy loader with better handling of document separators, edge cases, and improved error reporting for malformed policy files.

[IMPROVED] Artifactory Integration: Enhanced retry logic for attestation retrieval with configurable retry specifications and improved attestation URI generation for better traceability.

[IMPROVED] API Documentation: Expanded documentation for fetching attestations by ID with detailed explanations of DSSE envelope structure and in-toto Statement payload format.

[IMPROVED] Quick Start Guide: Restructured quick start documentation with step-by-step instructions, clearer prerequisites, and alternative deployment approaches using k3d image import.

[NEW] Deterministic S3 Attestation Storage: Support for storing attestations in Amazon S3.

[NEW] S3 Attestation Store Reader: Support for retrieving attestations from S3 for policy evaluation.

[NEW] Fetch Attestation by ID: New API endpoint to retrieve specific attestations by their unique identifier.

[NEW] AttestationsExist Policy: New policy type to ensure specific attestations are present.

[NEW] Dependency updates

Initial release of Develocity Provenance Governor.