Version updated for https://github.com/SabinGhost19/policyAttestor-action to version v1.1.0.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The ZTA Policy Attestor GitHub Action enhances Zero-Trust supply chain security by cryptographically binding security policies and runtime boundaries to Docker images through in-toto attestations. It automates the conversion of developer-friendly YAML security policies into strict JSON payloads, signs them using Sigstore Cosign (keyless OIDC), and attaches them to images in an OCI registry. Additionally, it supports enforcing GitOps manifest integrity by computing and embedding a manifest hash, ensuring secure and verifiable deployments.

Release notes

1.1.0 (2026-02-24)

Features

• hash feature attestation added (e80da76)

• SabinGhost19
• GitHub Actions