all InfoSec news
Unlocking secure software distribution with Minder and GitHub Artifact Attestations
DEV Community dev.to
Yesterday, GitHub announced an important new security feature called GitHub Artifact Attestations. It's powered by sigstore (a technology created by our CTO, Luke Hinds) and it helps developers generate and verify signed attestations for anything made with GitHub Actions.
We participated in the private beta for this and have already integrated support into Minder. Specifically, you can now use Minder to apply enhanced security policies using the contents of these signed attestations—for example, validating SBOM data like licenses, or …
actions artifact beta called cto developers distribution feature github github actions important luke hinds opensource private secure software security sigstore software technology verify