actions/cargo-install
actions/cargo-install
3
0
Fork 0
mirror of https://github.com/dtolnay/install.git synced 2025-01-31 07:01:20 +01:00
Code Issues Projects Activity Pipelines

Merge pull request #25 from dtolnay/security

Browse source 
Mention artifact attestation in readme
This commit is contained in:
David Tolnay 2025-01-26 14:12:47 -08:00 committed by GitHub
commit 1ad705d14f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -29,6 +29,14 @@ jobs:
| `crate` | ✓ | Name of crate as published to crates.io | | `crate` | ✓ | Name of crate as published to crates.io |
| `bin` | | Name of binary; default = same as crate name | | `bin` | | Name of binary; default = same as crate name |
## Security
Binaries are cryptographically signed and verified using [GitHub artifact
attestation] to establish the build's provenance, including the specific
workflow file and workflow run that produced the artifact.
[GitHub artifact attestation]: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
## License ## License
The scripts and documentation in this project are released under the [MIT The scripts and documentation in this project are released under the [MIT