forgeseal
https://github.com/sns45/forgeseal has been updated to version v0.4.0.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
Forgeseal is a GitHub Action designed to enhance supply chain security for various programming ecosystems, including JavaScript, Python, Go, Rust, and Java. It automates the generation of CycloneDX Software Bill of Materials (SBOMs), keyless signing with Sigstore, creation of SLSA provenance attestations, and management of VEX vulnerability documents. By streamlining compliance with the EU Cyber Resilience Act, it simplifies security tasks like dependency analysis, vulnerability triage, and artifact integrity validation.
What’s Changed
Changelog
- ebb819fae8f25453ba97d6fa52cbf4b1352a88c0 Add Go module (go.mod/go.sum) lockfile support (#15)
- 48916b3ecaa01e69c15e44db9ae2d6a95d949e3a Add Java/Gradle gradle.lockfile support (#20)
- 2d216bec8823a3f230b13bc1bed625a1c0527baf Add Rust Cargo.lock lockfile support (#19)
- a8c4c737cbcb3b5417c354179161ba4a809f4bb8 Add real-world lockfile fixtures for Go/Rust/Gradle parsers (#24)
- b6bdbac2d80f3a403760e40e7ea8654b3ef7c313 Document lockfile detection priority in README (#25)
- c2fc7b1c69c0b6067915dc97dcf2857d52f452e8 Dogfood Go/Rust/Gradle ecosystems in CI (#23)
- 498015085a21975d77ea6f6fb2abbae86778ad5e Integrate Go, Rust, and Gradle lockfile support (#21)