VERIFRAX
Version updated for https://github.com/Verifrax/VERIFRAX to version v1.0.7.
- This action is used across all versions by ? repositories.
Action Type
This is a Node action using Node version 20.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
VERIFRAX is a GitHub Action designed to serve as a deterministic CI gate for supply chain security: it evaluates software artifacts against a frozen governance policy. It automates the verification of artifacts (e.g., SBOMs, provenance, or Sigstore bundles) and produces audit-grade, offline-verifiable certificates, so that policy enforcement is consistent and tamper-proof. The action addresses the need for reliable and transparent artifact validation in CI/CD workflows and enhances supply chain security.
Release notes
Marketplace: diagnostics (invalid JSON vs invalid YAML).