Macaron Security Analysis Action

Version updated for https://github.com/oracle/macaron to version v0.24.0.

• This publisher is shown as ‘verified’ by GitHub.

• This action is used across all versions by 6 repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

Macaron is a GitHub Action and software supply chain security tool developed by Oracle Labs, designed to verify the build integrity and provenance of artifacts and dependencies across ecosystems like PyPI, npm, and Go. It automates tasks such as attestation verification, detection of malicious or vulnerable packages, and reproducible build analysis to ensure that packages are trustworthy and have not been tampered with. Key capabilities include detecting compromised workflows, improving artifact traceability, and enabling secure software development practices.

• Oracle
• GitHub Actions