Skip to content

Navigation Menu

Appearance settings

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

Appearance settings

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

actions / attest-sbom Public

generated from actions/typescript-action

Notifications
Fork 4
Star 31

Code
Issues 4
Pull requests
Actions
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Security
Insights

Releases: actions/attest-sbom

Releases · actions/attest-sbom

v2.4.0

11 Jun 17:46

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v2.4.0 Latest

Marketplace

Latest

Marketplace

What's Changed

Bump actions/attest from 2.2.1 to 2.3.0 in the actions-minor group by @dependabot in #169
Bump undici from 5.28.5 to 5.29.0 by @dependabot in #172
Bump actions/attest from 2.3.0 to 2.4.0 by @bdehamer in #178
- Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run

Full Changelog: v2.2.0...v2.4.0

Contributors

bdehamer and dependabot

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v2.2.0

22 Jan 17:30

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v2.2.0

Marketplace

Marketplace

What's Changed

Bump actions/attest from v2.1.0 to v2.2.0 by @bdehamer in #148
- Includes support for new subject-checksums input parameter

Full Changelog: v2.1.0...v2.2.0

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v2.1.0

09 Dec 21:52

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v2.1.0

Marketplace

Marketplace

What's Changed

Update README w/ note about GH plans supporting attestations by @bdehamer in #136
Add attestation-id and attestation-url outputs by @bdehamer in #137

Full Changelog: v2.0.1...v2.1.0

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v2.0.1

06 Dec 15:38

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v2.0.1

Marketplace

Marketplace

What's Changed

Bump actions/attest from 2.0.0 to 2.0.1 by @bdehamer in #133
- Deduplicate subjects before adding to in-toto statement

Full Changelog: v2.0.0...v2.0.1

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v2.0.0

04 Dec 15:58

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v2.0.0

Marketplace

Marketplace

The attest-sbom action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

Bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in #110
Prepare v2.0.0 release by @bdehamer in #126
- Bump actions/attest from 1.4.1 to 2.0.0 (w/ multi-subject attestation support)

Full Changelog: v1.4.1...v2.0.0

Contributors

bdehamer and dependabot

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v1.4.1

22 Aug 19:10

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.4.1

Marketplace

Marketplace

What's Changed

Bump actions/attest from 1.4.0 to 1.4.1 by @bdehamer in #98
- Includes bug fix for issue with authenticated proxies (actions/toolkit#1798)

Full Changelog: v1.4.0...v1.4.1

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v1.4.0

30 Jul 20:31

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.4.0

Marketplace

Marketplace

What's Changed

Bump actions/attest from 1.3.3 to 1.4.0 by @bdehamer in #85
- Add show-summary input
- Format summary output as list

Full Changelog: v1.3.3...v1.4.0

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v1.3.3

09 Jul 17:09

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.3.3

Marketplace

Marketplace

What's Changed

Bump actions/attest from 1.3.2 to 1.3.3 by @bdehamer in #80
- Bugfix for properly handling glob exclusion patterns in subject-path input

Full Changelog: v1.3.2...v1.3.3

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v1.3.2

17 Jun 17:36

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.3.2

Marketplace

Marketplace

What's Changed

Bump actions/attest from 1.3.1 to 1.3.2 by @bdehamer in #75
- Increase timeout for OCI operations

Full Changelog: v1.3.1...v1.3.2

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

v1.3.1

13 Jun 21:59

bdehamer

This commit was created on GitHub.com and signed with GitHub’s verified signature.

GPG key ID: B5690EEEBB952194

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.3.1

Marketplace

Marketplace

What's Changed

Bump actions/attest from 1.3.0 to 1.3.1 by @bdehamer in #72
- Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: v1.3.0...v1.3.1

Contributors

bdehamer

Assets 2

Loading

Uh oh!

There was an error while loading. Please reload this page.

All reactions

Previous 1 2 Next

Previous Next

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.