- Understanding GitHub Artifact Attestations

  GitHub recently introduced Artifact Attestations, a beta feature that enhances the security of Open Source software supply chains. By linking artifacts to their source code repositories and GitHub Actions, it ensures that artifacts are not built w...
- Code Signing is not Enough

  Code signing is often used as a method for ensuring that software artifacts like binaries, drivers, and software packages haven't been modified by a third party before they are used. Many folks may be familiar with packages that were gpg signed an...