actions/cargo-install
actions/cargo-install
3
0
Fork 0
mirror of https://github.com/dtolnay/install.git synced 2025-01-31 07:01:20 +01:00
Code Issues Projects Activity Pipelines

Mention artifact attestation in readme

Browse source
This commit is contained in:
David Tolnay 2025-01-26 14:09:38 -08:00
parent 52e1946d1d
commit d24f3ce443
No known key found for this signature in database
GPG key ID: F9BA143B95FF6D82
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -29,6 +29,14 @@ jobs:
| `crate` | ✓ | Name of crate as published to crates.io |
| `bin` | | Name of binary; default = same as crate name |
## Security
Binaries are cryptographically signed and verified using [GitHub artifact
attestation] to establish the build's provenance, including the specific
workflow file and workflow run that produced the artifact.
[GitHub artifact attestation]: https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds
## License
The scripts and documentation in this project are released under the [MIT