Eclipse Common Security Infrastructure
Recommended github practices, curated actions, share your experiences from security perspective.
#14
Replies: 1 comment
-
|
Released assets should be signed automatically. I recommend reviewing GitHub documentation about establishing provenance for builds, which explains how to implement digital signatures for your assets and ensure provenance attestation. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I believe it would be helpful to share feedback on GH actions from security perspective.
How do you sign releases' assets ? Should it be done manually ?
softprops/action-gh-release#580
Beta Was this translation helpful? Give feedback.
All reactions