Replies: 1 comment
Released assets should be signed automatically. I recommend reviewing GitHub documentation about establishing provenance for builds, which explains how to implement digital signatures for your assets and ensure provenance attestation.
Hi,
I believe it would be helpful to share feedback on GH actions from a security perspective.
How do you sign releases' assets? Should it be done manually?
softprops/action-gh-release#580
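One way to sign release assets automatically rather than by hand, as the reply recommends: a workflow that attests build provenance for each asset before uploading it with softprops/action-gh-release. This is an added example, not code from the thread or from either project; the build script, the `dist/` directory, the tag pattern and the action version tags are assumptions.

```yaml
# Added example; not taken from the thread or from any project's repository.
# Hypothetical: the ./build.sh script and the dist/ output directory.
# Version tags are illustrative; pin actions to a full commit SHA in practice.
name: release

on:
  push:
    tags: ["v*"]

jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write       # create the release and upload assets
      id-token: write       # OIDC token used to obtain the signing certificate
      attestations: write   # store the attestation with the repository
    steps:
      - uses: actions/checkout@v4

      - name: Build release assets
        run: ./build.sh     # hypothetical; must write its output to dist/

      # Signs a provenance statement over the digest of every matching file.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@v2
        with:
          subject-path: "dist/*"

      # Upload after attesting, so the published bytes are the attested bytes.
      - name: Publish release assets
        uses: softprops/action-gh-release@v2
        with:
          files: dist/*

# Consumer-side check after downloading an asset (OWNER/REPO is a placeholder):
#   gh attestation verify ./asset.tar.gz --repo OWNER/REPO
```

The attestation is stored by GitHub and bound to the file's digest, so no detached signature file is shipped with the release; a modified asset fails `gh attestation verify`.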