Generate Generic Attestations

Version updated for https://github.com/actions/attest to version v4.1.0.

• This publisher is shown as ‘verified’ by GitHub.
• This action is used across all versions by 269 repositories.

Action Type

This is a Node action using Node version 24.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The actions/attest GitHub Action generates signed attestations for workflow artifacts, ensuring their integrity and provenance using the in-toto format. Powered by Sigstore, it automates the creation, signing, and storage of artifact attestations, providing traceable evidence for build provenance, SBOMs (Software Bill of Materials), or custom artifact assertions. This action streamlines artifact verification and enhances supply chain security for both public and private repositories.

Release notes

What’s Changed

• Bump @actions/attest from 3.0.0 to 3.1.0 by @bdehamer in https://github.com/actions/attest/pull/362
• Bump @actions/attest from 3.1.0 to 3.2.0 by @bdehamer in https://github.com/actions/attest/pull/365
• Add new subject-version input for inclusion in storage record by @bdehamer in https://github.com/actions/attest/pull/364
• Add storage record content to README by @bdehamer in https://github.com/actions/attest/pull/366

Full Changelog: https://github.com/actions/attest/compare/v4.0.0...v4.1.0

• actions
• GitHub Actions