Macaron Security Analysis Action
Version updated for https://github.com/oracle/macaron to version v0.22.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 6 repositories.
Action Type
This is a Composite action.
Action Summary
Macaron is a GitHub Action and software supply chain security analysis tool designed to verify the build integrity of software artifacts and their dependencies. It automates tasks such as provenance validation, detection of suspicious or vulnerable packages (e.g., GitHub Actions), and reproducible build analysis to identify tampered or compromised workflows. Key capabilities include attestation verification, detection of malicious or vulnerable packages, and improved artifact traceability through analysis of repositories and build scripts.
Release notes
v0.22.0 (2026-02-25)
Feat
- prepare metadata for Macaron Action to publish on Marketplace (#1315)
- add the JSON schema for the default Macaron buildspec (#1314)