phillmv, I can finally talk about what we've been working on for the past two years(!)
Using #sigstore, GitHub now supports artifact signing, which allows you to create unforgeable provenance guarantees for any software you build inside Actions.
It's been a heck of a ride, & you can read more about (and learn how to use it) here:
https://github.blog/2024-05-02-introducing-artifact-attestations-now-in-public-beta/
Add comment