Artifact Attestations guarantee the integrity of artifacts built inside GitHub Actions by creating and verifying digital signatures that link the artifact to source code and build instructions. Credit: Rawpixel.com/Shutterstock GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts built inside the GitHub Actions CI/CD platform, is now generally available. General availability was announced June 25. By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect against supply chain attacks and unauthorized modifications, GitHub said. As part of the announcement, GitHub also introduced the Kubernetes Policy Controller, which lets developers validate attestations directly within Kubernetes as an added layer of security. Powered by the Sigstore, an open source project for signing and verifying software artifacts via attestations, Artifact Attestations is intended to secure a software supply chain by creating a link between artifacts and the build process. Adding provenance to a GitHub Actions workflow can be done by invoking the new attest-build-provenance Action with the path to the artifact. This can then be verified using the new gh attestation verify command. Related content analysis GitHub Copilot learns new tricks GitHub and Microsoft have taken their AI-powered programming assistant into new territories, tackling code reviews, simple web apps, Java upgrades, and Azure help and troubleshooting. By Simon Bisson Nov 07, 2024 8 mins GitHub Java Microsoft Azure news Python has overtaken JavaScript on GitHub Python has become the most popular programming language on GitHub, while the use of Jupyter Notebooks has also soared, according to GitHub’s Octoverse 2024 report. By Paul Krill Oct 30, 2024 2 mins GitHub JavaScript Python news GitHub Copilot expands AI model support GitHub has extended Copilot’s model support to new Anthropic, Google, and OpenAI models and introduced GitHub Spark, an AI-driven tool for building web apps using natural language. By Paul Krill Oct 29, 2024 3 mins Generative AI GitHub Integrated Development Environments analysis What is GitHub? More than Git version control in the cloud GitHub is the host with the most for open-source projects and programmers who want to share and collaborate on code. Here’s why. By Martin Heller Sep 06, 2024 19 mins GitHub Development Tools Open Source Resources Videos