Software Supply Chain Security Articles

Page 1 of 1 (3 articles)

5/30/2024 • EN

Explains GitHub's new Artifact Attestations feature for securing software supply chains, covering its architecture and SLSA compliance.

Artifact Attestations github Github Actions Slsa Software Supply Chain Security

4/1/2022 • EN

Explains using OCI registries to store SBOMs and build provenance for non-Docker packages like npm, using Cosign for security.

Cosign Oci Registry Provenance Sbom Software Supply Chain Security

3/14/2022 • EN

A technical guide on securing software supply chains using Sigstore for signing and GitHub Actions for implementing SLSA requirements.

docker Github Actions Sbom Sigstore Software Supply Chain Security

Select Language