GitHub takes aim at software supply chain security

2024-05-09 19:05

GitHub has introduced Artifact Attestations, a software signing and verification feature based on Sigstore that protects the integrity of software builds in GitHub Actions workflows. Artifiact Attestations is now available in a public beta.

Announced May 2, Artifact Attestations allows project maintainers to create a “tamper-proof, unforgeable paper trail” that links software artifacts to the process that created them. “Downstream consumers of this metadata can use it as a foundation for new security and validity checks through policy evaluations via tools like Rego and Cue,” GitHub wrote in the announcement.

To read this article in full, please click here

This article has been indexed from InfoWorld Security

Read the original article:

GitHub takes aim at software supply chain security

← Dell discloses data breach impacting millions of customers

A new alert system from CISA seems to be effective — now we just need companies to sign up →


10.4K	8K	100+	500+

Read the original article:

Related

Post navigation