tech/gitbom-sign-builds
Build a compact Artifact Dependency Graph (ADG), tracking every source code file incorporated into each built artifact. Embed a unique, content-addressable reference for that Artifact Dependency Graph (ADG), the GitBOM identifier, into the artifact at build time.