GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts constructed contained in the GitHub Actions CI/CD platform, is now usually accessible.
Normal availability was introduced June 25. Through the use of Artifact Attestations in GitHub Actions workflows, builders can enhance safety and defend in opposition to provide chain assaults and unauthorized modifications, GitHub mentioned. As a part of the announcement, GitHub additionally launched the Kubernetes Coverage Controller, which lets builders validate attestations straight inside Kubernetes as an added layer of safety.
Powered by the Sigstore, an open supply undertaking for signing and verifying software program artifacts through attestations, Artifact Attestations is meant to safe a software program provide chain by making a hyperlink between artifacts and the construct course of. Including provenance to a GitHub Actions workflow might be executed by invoking the brand new attest-build-provenance Motion with the trail to the artifact. This will then be verified utilizing the brand new gh attestation confirm command.
Copyright © 2024 IDG Communications, Inc.
