Description

As part of our software security policy, we are looking to validate the authenticity of PHP Windows builds using Cosign.

Are there any public certificates or attestations available for these artifacts? This is a prerequisite for our next deployment phase, which involves systematic SBOM verification.