| CARVIEW |
Select Language
HTTP/2 301
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /en/actions/how-tos/security-for-github-actions/using-artifact-attestations
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 6846:194701:3967C:4F95C:687ED9C7
accept-ranges: bytes
age: 0
date: Tue, 22 Jul 2025 00:22:46 GMT
via: 1.1 varnish
x-served-by: cache-hyd1100026-HYD
x-cache: MISS
x-cache-hits: 0
x-timer: S1753143766.165711,VS0,VE361
vary: Accept
strict-transport-security: max-age=31557600
content-length: 109
HTTP/2 200
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data:;script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
x-powered-by: Next.js
content-type: text/html; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 666D:3F389C:37111:4D631:687ED9D6
content-encoding: gzip
accept-ranges: bytes
age: 1
date: Tue, 22 Jul 2025 00:22:48 GMT
via: 1.1 varnish
x-served-by: cache-hyd1100026-HYD
x-cache: MISS
x-cache-hits: 0
x-timer: S1753143767.547129,VS0,VE2395
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 32254
Using artifact attestations - GitHub Docs
Skip to main content
GitHub Docs
Search or ask Copilot
Select language: current language is English
Search or ask Copilot
Open menu
Open Sidebar
Using artifact attestations
Use artifact attestations to establish build provenance for the software you produce and to verify the software you consume.
Using artifact attestations to establish provenance for builds
Artifact attestations enable you to increase the supply chain security of your builds by establishing where and how your software was built.
Using artifact attestations and reusable workflows to achieve SLSA v1 Build Level 3
Building software with reusable workflows and artifact attestations can streamline your supply chain security and help you achieve SLSA v1.0 Build Level 3.
Enforcing artifact attestations with a Kubernetes admission controller
Use an admission controller to enforce artifact attestations in your Kubernetes cluster.
Verifying attestations offline
Artifact attestations can be verified without an internet connection.
Managing the lifecycle of artifact attestations
Search for and delete attestations that you no longer need.