Blogged: Creating provenance attestations for NuGet packages in GitHub Actions
https://andrewlock.net/creating-provenance-attestations-for-nuget-packages-in-github-actions/
In this post I discuss software provenance, what attestations are for, how they work, how to create an attestation for a NuGet package, and why that doesn't really work
#dotnet #security
Comments
https://andrewlock.net/creating-provenance-attestations-for-nuget-packages-in-github-actions/#update-the-redemption-arc
But with author signing...