GitHub Artifact Attestations sign and verify software artifacts

GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts built inside the GitHub Actions CI/CD platform, is now generally available.

General availability was announced June 25. By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect against supply chain attacks and unauthorized modifications, GitHub said. As part of the announcement, GitHub also introduced the Kubernetes Policy Controller, which lets developers validate attestations directly within Kubernetes as an added layer of security.

To read this article in full, please click here

This article has been indexed from InfoWorld Security

Read the original article: