docs(attestation): add references to sigstore

This patch improves the attestation signing part of the documentation by adding links to the external tooling, as well as where to find the external documentation. Proposed-by: Joerg Sommer <[email protected]> Signed-off-by: Felix Moessbauer <[email protected]> Signed-off-by: Jan Kiszka <[email protected]>
siemens · May 3, 2024 · 911da6d · 911da6d
1 parent 81a0645
commit 911da6d
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/docs/userguide/build-attestation.rst b/docs/userguide/build-attestation.rst
@@ -45,10 +45,12 @@ For example, to build the configuration described in the file
 Working with sigstore cosign
 ----------------------------
 
-The sigstore cosign tool has native support for in-toto build predicates.
-However, it currently can only operate directly on the predicate but not
-on the enclosing attestation (cosign 2.2.4). By that, the predicate first
-needs to be extracted (provenance in this example)::
+The `cosign tool <https://github.com/sigstore/cosign>`_ from the `sigstore
+project <https://www.sigstore.dev/>`_ (`documentation <https://docs.sigstore.dev/>`_)
+has native support for in-toto build predicates. However, it currently can only
+operate directly on the predicate but not on the enclosing attestation
+(cosign 2.2.4). By that, the predicate first needs to be extracted (provenance
+in this example)::
 
     cat build/attestation/kas-build.provenance.json | jq '.predicate' > provenance.json