Artifact Attestations guarantee the integrity of artifacts built inside GitHub Actions by creating and verifying digital signatures that link the artifact to source code and build instructions. Credit: Rawpixel.com/Shutterstock GitHub’s Artfact Attestations, for guaranteeing the integrity of artifacts built inside the GitHub Actions CI/CD platform, is now generally available. General availability was announced June 25. By using Artifact Attestations in GitHub Actions workflows, developers can improve security and protect against supply chain attacks and unauthorized modifications, GitHub said. As part of the announcement, GitHub also introduced the Kubernetes Policy Controller, which lets developers validate attestations directly within Kubernetes as an added layer of security. Powered by the Sigstore, an open source project for signing and verifying software artifacts via attestations, Artifact Attestations is intended to secure a software supply chain by creating a link between artifacts and the build process. Adding provenance to a GitHub Actions workflow can be done by invoking the new attest-build-provenance Action with the path to the artifact. This can then be verified using the new gh attestation verify command. Related content analysis Beyond the usual suspects: 5 fresh data science tools to try today The mid-month report includes quick tips for easier Python installation, a new VS Code-like IDE just for Python and R users, and five newer data science tools you won't want to miss. By Serdar Yegulalp Jul 12, 2024 2 mins Python Programming Languages Software Development analysis Generative AI won’t fix cloud migration You’ve probably heard how generative AI will solve all cloud migration problems. It’s not that simple. Generative AI could actually make it harder and more costly. By David Linthicum Jul 12, 2024 5 mins Generative AI Artificial Intelligence Cloud Computing news HR professionals trust AI recommendations HireVue survey finds 73% of HR professionals trust AI to make candidate recommendations, while 75% of workers are opposed to AI making hiring decisions. By Paul Krill Jul 11, 2024 3 mins Technology Industry Careers how-to Safety off: Programming in Rust with `unsafe` What does it mean to write unsafe code in Rust, and what can you do (and not do) with the 'unsafe' keyword? The facts may surprise you. By Serdar Yegulalp Jul 11, 2024 8 mins Rust Programming Languages Software Development Resources Videos