Closed
Description
Description
Using ArtifactPolicyOptions, the verifier supports checking in-toto statement subjects for a specific artifact digest. The artifact is provided using verify.WithArtifact or verify.WithArtifactDigest. I propose adding verify.WithArtifacts(artifacts []io.Reader)/verify.WithArtifactDigests([]ArtifactDigest) to specify multiple artifacts that must all pass verification. Multi-subject verification will fail unless the bundle content is DSSE and contains an in-toto statement with a subject referencing all provided artifacts.