adding warning mesage for slsa attestor

Signed-off-by: chaosinthecrd <[email protected]>

attestation/slsa/slsa.go

@@ -31,6 +31,7 @@ import (
 	"github.com/in-toto/go-witness/attestation/oci"
 	"github.com/in-toto/go-witness/attestation/product"
 	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/log"
 	"github.com/in-toto/go-witness/registry"
 	"golang.org/x/exp/maps"
 	"google.golang.org/protobuf/types/known/structpb"
@@ -210,6 +211,11 @@ func (p *Provenance) Attest(ctx *attestation.AttestationContext) error {
 		}
 	}
 
+	// NOTE: We want to warn users that they can use the github and gitlab attestors to enrich their provenance
+	if p.PbProvenance.RunDetails.Builder.Id == DefaultBuilderId {
+		log.Warn("No build system attestor invoked. Consider using github or gitlab attestors (if appropriate) to enrich your SLSA provenance")
+	}
+
 	var err error
 	p.PbProvenance.BuildDefinition.InternalParameters, err = structpb.NewStruct(internalParameters)
 	if err != nil {