The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a “tamper-proof” record describing where, when, and how the software is produced.

from Dark Reading https://ift.tt/7I2etGW
via IFTTT