Not sure if this works with artifacts pushed to GHCR (GitHub Container Registry), for example Docker containers. I think not.
But it's still a good step towards more integrity in the software supply chain.
We’re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHub Actions by creating and verifying signed attestations.
sandstrom|1 year ago
But it's still a good step towards more integrity in the software supply chain.
phillmv|1 year ago