Macaron Security Analysis Action

Version updated for https://github.com/oracle/macaron to version v0.22.0.

• This publisher is shown as ‘verified’ by GitHub.
• This action is used across all versions by 6 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Macaron is a GitHub Action and software supply chain security analysis tool designed to verify the build integrity of software artifacts and their dependencies. It automates tasks such as provenance validation, detection of suspicious or vulnerable packages (e.g., GitHub Actions), and reproducible build analysis to identify tampered or compromised workflows. Key capabilities include attestation verification, detection of malicious or vulnerable packages, and improving artifact traceability by analyzing repositories and build scripts.

Release notes

v0.22.0 (2026-02-25)

Feat

• prepare metadata for Macaron Action to publish on Marketplace (#1315)
• add the JSON schema for the default Macaron buildspec (#1314)

• oracle
• GitHub Actions