GitHub Artifact Attestations sign and verify software artifacts
Briefly

GitHub has launched Artifact Attestations, generally available as of June 25, to strengthen security within its GitHub Actions CI/CD platform. The feature helps developers defend against supply chain attacks by binding each artifact to the build process that produced it, so consumers can verify that an artifact is the unmodified output of a known workflow. The announcement also included the Kubernetes Policy Controller, which lets developers validate these attestations directly in Kubernetes before a workload is admitted. Artifact Attestations uses the open source Sigstore project to sign and verify software artifacts.
GitHub's introduction of Artifact Attestations enhances CI/CD security by linking artifacts to their build process, thus protecting against supply chain attacks.
The Kubernetes Policy Controller empowers developers to validate artifact attestations within Kubernetes, providing an additional security layer for their workflows.
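As an added illustration of the mechanism the brief describes (this is example configuration, not code from the article or from GitHub), the workflow below builds a placeholder artifact and attaches a signed build-provenance attestation to it with the actions/attest-build-provenance action, which signs through Sigstore using the workflow's OIDC identity. The workflow name, branch, artifact path and build step are placeholders chosen for the example.

```yaml
# Added example (not from the article): a GitHub Actions job that builds an
# artifact and attaches a Sigstore-signed build-provenance attestation to it.
# The artifact path and build step are placeholders.
name: build-and-attest

on:
  push:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # read the repository source
      id-token: write       # mint the OIDC token that Sigstore signs with
      attestations: write   # store the attestation alongside the repository
    steps:
      - uses: actions/checkout@v4

      # Placeholder build step; a real project replaces this with its build.
      - name: Build artifact
        run: |
          mkdir -p dist
          echo "example build output" > dist/app.txt

      # Generate a build-provenance attestation for the file and sign it via
      # Sigstore, binding the artifact's digest to this workflow run.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: dist/app.txt
```

A consumer then checks a downloaded copy with the GitHub CLI, for example `gh attestation verify dist/app.txt --owner <org>` (the owner value is a placeholder): the command computes the file's digest and fails if no signed attestation from that owner's repositories matches it, which is what makes a tampered or substituted artifact detectable. The Kubernetes Policy Controller mentioned in the brief performs the same verification at admission time for container images.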
Read at InfoWorld