{"id":55042,"date":"2024-06-26T12:24:32","date_gmt":"2024-06-26T16:24:32","guid":{"rendered":"https:\/\/sdtimes.com\/?p=55042"},"modified":"2024-06-26T12:24:32","modified_gmt":"2024-06-26T16:24:32","slug":"github-improves-supply-chain-security-with-general-availability-of-artifact-attestations","status":"publish","type":"post","link":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/","title":{"rendered":"GitHub improves supply chain security with general availability of Artifact Attestations"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">GitHub is taking a step forward to help companies improve supply chain security with the release of <\/span><a href=\"https:\/\/docs.github.com\/en\/actions\/security-guides\/using-artifact-attestations-to-establish-provenance-for-builds\"><span style=\"font-weight: 400;\">Artifact Attestations<\/span><\/a><span style=\"font-weight: 400;\">. This new feature allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them into their Kubernetes cluster.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Artifacts in GitHub are files or collections of files that were created during a workflow run, such as build or test output.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Attestations include a link to the workflow associated with the artifact, along with other relevant information like its repository, organization, environment, commit SHA, and triggering event.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">According to GitHub, Artifact Attestations are powered by<\/span> <a href=\"https:\/\/www.sigstore.dev\/\"><span style=\"font-weight: 400;\">Sigstore<\/span><\/a><span style=\"font-weight: 400;\">, which is an open source project that allows software artifacts to be signed and verified to promote greater software integrity.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 
400;\">Along with this general availability release, GitHub is also now offering a <\/span><a href=\"https:\/\/docs.github.com\/en\/actions\/security-guides\/enforcing-artifact-attestations-with-a-kubernetes-admission-controller\"><span style=\"font-weight: 400;\">new way<\/span><\/a><span style=\"font-weight: 400;\"> to build Kubernetes admission controllers that allows developers to validate attestations from within Kubernetes clusters. According to GitHub, this ensures that only properly validated artifacts get deployed.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cBy integrating Artifact Attestations into your GitHub Actions workflows, you enhance the security of your development and deployment processes, protecting against supply chain attacks and unauthorized modifications,\u201d GitHub wrote in a <\/span><a href=\"https:\/\/github.blog\/changelog\/2024-06-25-artifact-attestations-is-generally-available\/\"><span style=\"font-weight: 400;\">blog post<\/span><\/a><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>GitHub is taking a step forward to help companies improve supply chain security with the release of Artifact Attestations. 
This new feature allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them into their Kubernetes cluster. Artifacts in GitHub are files or collections of files that were created  &hellip; <a class=\"read-more\" href=\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\">continue reading<\/a><!-- AddThis Advanced Settings generic via filter on get_the_excerpt --><!-- AddThis Share Buttons generic via filter on get_the_excerpt --><\/p>\n","protected":false},"author":752,"featured_media":55043,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"cybocfi_hide_featured_image":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1],"tags":[272,45,16101],"coauthors":[11687],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GitHub improves supply chain security with general availability of Artifact Attestations - SD Times<\/title>\n<meta name=\"description\" content=\"Artifact Attestations allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitHub improves supply chain security with general availability of Artifact Attestations - SD Times\" \/>\n<meta property=\"og:description\" content=\"Artifact Attestations allows GitHub users to verify the integrity of GitHub 
Actions artifacts before they choose to deploy them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\" \/>\n<meta property=\"og:site_name\" content=\"SD Times\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SDTimesD2\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-26T16:24:32+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jenna Barron\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:site\" content=\"@sdtimes\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jenna Barron\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\"},\"author\":{\"name\":\"Jenna Barron\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\"},\"headline\":\"GitHub improves supply chain security with general availability of Artifact Attestations\",\"datePublished\":\"2024-06-26T16:24:32+00:00\",\"dateModified\":\"2024-06-26T16:24:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\"},\"wordCount\":234,\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg\",\"keywords\":[\"GitHub\",\"security\",\"Supply Chain Security\"],\"articleSection\":[\"Latest News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\",\"url\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\",\"name\":\"GitHub improves supply chain security with general availability of Artifact Attestations - SD 
Times\",\"isPartOf\":{\"@id\":\"https:\/\/sdtimes.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg\",\"datePublished\":\"2024-06-26T16:24:32+00:00\",\"dateModified\":\"2024-06-26T16:24:32+00:00\",\"description\":\"Artifact Attestations allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them.\",\"breadcrumb\":{\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg\",\"width\":1280,\"height\":853},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sdtimes.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitHub improves supply chain security with general availability of Artifact 
Attestations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sdtimes.com\/#website\",\"url\":\"https:\/\/sdtimes.com\/\",\"name\":\"SD Times\",\"description\":\"Software Development News\",\"publisher\":{\"@id\":\"https:\/\/sdtimes.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sdtimes.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sdtimes.com\/#organization\",\"name\":\"SD Times\",\"url\":\"https:\/\/sdtimes.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"contentUrl\":\"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png\",\"width\":225,\"height\":90,\"caption\":\"SD Times\"},\"image\":{\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SDTimesD2\",\"https:\/\/x.com\/sdtimes\",\"https:\/\/www.linkedin.com\/company\/sdtimes\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786\",\"name\":\"Jenna Barron\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g\",\"caption\":\"Jenna Barron\"},\"description\":\"Jenna Barron is News Editor of SD Times.\",\"url\":\"https:\/\/sdtimes.com\/author\/jennifer-sargent\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"GitHub improves supply chain security with general availability of Artifact Attestations - SD Times","description":"Artifact Attestations allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/","og_locale":"en_US","og_type":"article","og_title":"GitHub improves supply chain security with general availability of Artifact Attestations - SD Times","og_description":"Artifact Attestations allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them.","og_url":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/","og_site_name":"SD Times","article_publisher":"https:\/\/www.facebook.com\/SDTimesD2","article_published_time":"2024-06-26T16:24:32+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg","type":"image\/jpeg"}],"author":"Jenna Barron","twitter_card":"summary_large_image","twitter_creator":"@sdtimes","twitter_site":"@sdtimes","twitter_misc":{"Written by":"Jenna Barron","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#article","isPartOf":{"@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/"},"author":{"name":"Jenna Barron","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786"},"headline":"GitHub improves supply chain security with general availability of Artifact Attestations","datePublished":"2024-06-26T16:24:32+00:00","dateModified":"2024-06-26T16:24:32+00:00","mainEntityOfPage":{"@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/"},"wordCount":234,"publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"image":{"@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg","keywords":["GitHub","security","Supply Chain Security"],"articleSection":["Latest News"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/","url":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/","name":"GitHub improves supply chain security with general availability of Artifact Attestations - SD 
Times","isPartOf":{"@id":"https:\/\/sdtimes.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage"},"image":{"@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage"},"thumbnailUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg","datePublished":"2024-06-26T16:24:32+00:00","dateModified":"2024-06-26T16:24:32+00:00","description":"Artifact Attestations allows GitHub users to verify the integrity of GitHub Actions artifacts before they choose to deploy them.","breadcrumb":{"@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#primaryimage","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2024\/06\/padlocks-8050534_1280.jpg","width":1280,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/sdtimes.com\/security\/github-improves-supply-chain-security-with-general-availability-of-artifact-attestations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sdtimes.com\/"},{"@type":"ListItem","position":2,"name":"GitHub improves supply chain security with general availability of Artifact Attestations"}]},{"@type":"WebSite","@id":"https:\/\/sdtimes.com\/#website","url":"https:\/\/sdtimes.com\/","name":"SD 
Times","description":"Software Development News","publisher":{"@id":"https:\/\/sdtimes.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sdtimes.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sdtimes.com\/#organization","name":"SD Times","url":"https:\/\/sdtimes.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/","url":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","contentUrl":"https:\/\/sdtimes.com\/wp-content\/uploads\/2014\/05\/deafaultlogo.png","width":225,"height":90,"caption":"SD Times"},"image":{"@id":"https:\/\/sdtimes.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SDTimesD2","https:\/\/x.com\/sdtimes","https:\/\/www.linkedin.com\/company\/sdtimes\/"]},{"@type":"Person","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/f2524e55ae19da07ea3613577da9f786","name":"Jenna Barron","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sdtimes.com\/#\/schema\/person\/image\/b4be3423b187642936e62f121111345e","url":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b128943929626cdcafccbac86bd306f9?s=96&d=mm&r=g","caption":"Jenna Barron"},"description":"Jenna Barron is News Editor of SD 
Times.","url":"https:\/\/sdtimes.com\/author\/jennifer-sargent\/"}]}},"_links":{"self":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/55042"}],"collection":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/users\/752"}],"replies":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/comments?post=55042"}],"version-history":[{"count":1,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/55042\/revisions"}],"predecessor-version":[{"id":55044,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/posts\/55042\/revisions\/55044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media\/55043"}],"wp:attachment":[{"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/media?parent=55042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/categories?post=55042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/tags?post=55042"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sdtimes.com\/wp-json\/wp\/v2\/coauthors?post=55042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}