VBBI Voucher Attestor

April 17, 2026

Version updated for https://github.com/SabinGhost19/Voucher-Based-Build-Integrity-Action to version 1.0.

This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The VBBI Voucher Attestor GitHub Action automates the creation of a voucher-based build integrity (VBBI) attestation by processing an ordered list of build steps, applying HMAC chaining, and generating a Merkle root. It enhances build security by verifying the integrity of build artifacts and attaching a Cosign attestation, supporting compliance with SLSA standards and enabling secure supply chain practices. The action integrates with HMAC and Vault Transit for cryptographic operations, ensuring flexibility in secure key management.

What’s Changed

Full Changelog: https://github.com/SabinGhost19/Voucher-Based-Build-Integrity-Action/commits/1.0

SabinGhost19
GitHub Actions