Google, GitHub Collaboration Focuses on Securing Code Build Processes

The software supply chain security tool from GitHub and Google uses GitHub Actions and Sigstore to generate a “tamper-proof” record describing where, when, and how the software is produced.