Generate Generic Attestations

Version updated for https://github.com/actions/attest to version v3.2.0.

• This publisher is shown as ‘verified’ by GitHub.
• This action is used across all versions by 177 repositories.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The actions/attest GitHub Action automates the generation and signing of artifact attestations, linking workflow artifacts to their associated assertions (predicates) using the in-toto format. It ensures the provenance and integrity of build artifacts by creating verifiable, short-lived signatures via Sigstore, and uploads these signed attestations to the GitHub attestations API for tracking and verification. This action is ideal for projects that require artifact traceability and secure supply chain practices.

Release notes

What’s Changed

• Bump the npm-development group with 3 updates by @dependabot[bot] in https://github.com/actions/attest/pull/320
• Validate repository org-ownership before storage record creation by @malancas in https://github.com/actions/attest/pull/328
• Update version to 3.2.0 by @malancas in https://github.com/actions/attest/pull/334

Full Changelog: https://github.com/actions/attest/compare/v3.1.0...v3.2.0

• actions
• GitHub Actions