A Google team had tackled this problem for GCP and the internal technical infrastructure: [1].
It was a surprisingly hard problem, because the enforcement of build security is so widely affecting that to plug the little holes becomes a major company-wide effort.
[1] https://cloud.google.com/security/binary-authorization-for-b...