← All Tags
# workflows github-actions

2 links tagged with all of: workflows + github-actions

Click any tag below to further narrow down your results

+ security (1) + ci-cd (1) + script-injection (1) + attestations (1) + sigstore (1) + provenance (1)

Links

GitHub - actions/attest-build-provenance: Action for generating build provenance attestations for workflow artifacts

The GitHub Actions `attest-build-provenance` action allows users to generate signed attestations for workflow artifacts, binding them to a SLSA build provenance predicate. It utilizes the Sigstore service for signing, supports both public and private repositories, and facilitates verification through the GitHub CLI, ensuring artifact integrity and provenance.
Saved by tldr-importer · Last saved October 29, 2025 · 5 min read
+ attestations github-actions ✓ + sigstore + provenance workflows ✓

GitHub Actions: A Cloudy Day for Security - Part 1

The article discusses the security considerations necessary for using GitHub Actions in CI/CD setups, emphasizing the importance of protecting workflows against potential threats from contributors with write access. It details various attack scenarios, including script injection vulnerabilities, and provides best practices for securing sensitive workflows and managing permissions effectively.
Saved by tldr-importer · Last saved October 29, 2025 · 7 min read
github-actions ✓ + security + ci-cd workflows ✓ + script-injection