ZTA Policy Attestor
The action at https://github.com/SabinGhost19/policyAttestor-action has been updated to version v1.1.0.
- This action is used across all versions by ? repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The ZTA Policy Attestor GitHub Action enhances Zero-Trust supply chain security by cryptographically binding security policies and runtime boundaries to Docker images through in-toto attestations. It automates the conversion of developer-friendly YAML security policies into strict JSON payloads, signs them using Sigstore Cosign (keyless OIDC), and attaches them to images in an OCI registry. Additionally, it supports enforcing GitOps manifest integrity by computing and embedding a manifest hash, ensuring secure and verifiable deployments.
Release notes
1.1.0 (2026-02-24)
Features
- hash feature attestation added (e80da76)