intoto stop
Snapshot output files at the end of a pipeline step and upload the signed link
Synopsis
Record the cryptographic hashes of all output files (products) after a pipeline step finishes, sign the link with the DevGuard token, and upload it to DevGuard.
This is the second half of the start/stop pair. The signed link proves which files existed before and after this step, and that this specific token (CI identity) performed it.