Publish Release Assets to Asset Transparency Log
ActionsTags
(2)This action adds all release assets for a project release on GitHub to the Asset Transparency Log.
You or your users can then later verify GitHub is delivering the correct content by using Asset Transparency aware tools like tl get or tl verify.
Encouraging use of Asset Transparency log clients, like tl, provides additional protection against attacks that modify release binaries or source code (e.g. GitHub account compromise, man in the middle, etc)
If you aren't familiar with release assets they are this section on a GitHub release page:
Optional A space separated list of additional URLs that should be registered besides the the GitHub release assets. Default "".
The list of verified URLs
The list of URLs that failed to match the asset logs digest
Publish Release Assets to Asset Transparency Log is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
About
Tags
(2)Publish Release Assets to Asset Transparency Log is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.