github · GitHub Actions Docs

Actions Artifact attestations - GitHub Docs

Explains the concept and implementation of generating and verifying cryptographically signed provenance for workflow artifacts to ensure supply chain security.

Import to Prompt Buddy

Derived skill

Files assembled from official documentation

Viewing SKILL.md

Actions Artifact attestations - GitHub Docs

Explains the concept and implementation of generating and verifying cryptographically signed provenance for workflow artifacts to ensure supply chain security.

When To Use

Use when you need to implement cryptographically signed provenance for build artifacts to prevent tampering during the software supply chain process.

Reference Files

File	Contains	Use For
`SKILL.md`	Entry point: scope, routing table, and workflow.	Start here.
`docs/actions-security-artifact-attestations-github-docs-workflow-guide.md`	An overview of GitHub Actions artifact attestations, including SLSA levels and how GitHub generates them.	Questions about an overview of GitHub Actions artifact attestations, including SLSA levels and how GitHub generates them.

What This Skill Covers

- GitHub Actions / - Concepts / - Security / - Artifact attestations
Main sections: In this article, Overview, SLSA levels for artifact attestations, How GitHub generates artifact attestations, When to generate attestations.

Workflow

Open the most relevant file under docs/ for the exact documented workflow and wording.
Open schemas/ files for exact structured contracts.
Open examples/ files for concrete requests, commands, snippets, and manifests.
Do not add behavior or configuration that is not present in the attached source files.

Canonical source: https://docs.github.com/en/actions/concepts/security/artifact-attestations