actions/attest-build-provenance

Action for generating build provenance attestations for workflow artifacts

GitHub Repository

953 stars

Composite

Score updated 4 days ago

Composite Action Details

Pinnable: Yes

GitHub Actions security score

Score: 8/10

License: MIT License

Maintained: 1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1

Vulnerabilities: 0 existing vulnerabilities detected

Branch protection: branch protection is not maximal on development and all release branches

Manual code review: -

Secure publishing: -

Signed commits: -

Automated security tools: -

Popular: Used by 6184 open-source projects

Security Policy: security policy file detected

Networking Behavior of actions/attest-build-provenance

This GitHub Action often makes outbound network calls to these destinations, as gathered from public workflows using the Harden-Runner GitHub Action. Harden-Runner offers network egress filtering and runtime security for both GitHub-hosted and self-hosted runners.
