Version updated for https://github.com/SabinGhost19/policyAttestor-action to version v1.2.0. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. Action Summary The ZTA Policy Attestor GitHub Action automates the process of binding a security policy to a Docker image to enhance Zero-Trust supply chain security. It converts a YAML security policy into a strict JSON payload, generates an in-toto attestation using Sigstore Cosign (keyless/OIDC), and attaches it to the image in the OCI registry.

Version updated for https://github.com/SabinGhost19/policyAttestor-action to version v1.1.0. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. Action Summary The ZTA Policy Attestor GitHub Action enhances Zero-Trust supply chain security by cryptographically binding security policies and runtime boundaries to Docker images through in-toto attestations. It automates the conversion of developer-friendly YAML security policies into strict JSON payloads, signs them using Sigstore Cosign (keyless OIDC), and attaches them to images in an OCI registry.

Version updated for https://github.com/SabinGhost19/policyAttestor-action to version v1.0.6. This action is used across all versions by ? repositories. Action Type This is a Composite action. Go to the GitHub Marketplace to find the latest changes. Action Summary The ZTA Policy Attestor GitHub Action enhances Zero-Trust supply chain security by cryptographically binding infrastructure and runtime security policies to Docker images. It automates the conversion of a developer-friendly YAML security policy into a strict JSON format, attaches it as an in-toto attestation using Sigstore Cosign, and stores it in an OCI registry.