This integration is designed to seamlessly collect and store GitHub Artifact Attestations and build provenance as critical evidence within JFrog’s Evidence Collection. This creates a single source of truth for the entire software development lifecycle (SDLC), connecting code-level proof with the actual production binaries.
JFrog attaches the GitHub build provenance directly to the corresponding binary throughout its entire lifecycle, all the way into production. This creates a continuous chain of evidence that gives production binaries clear context, making it easier to resolve issues and trace their origin.
GitHub Artifact Attestations are stored permanently in JFrog. This ensures they are always available as a key resource for enforcing policies, maintaining compliance, and providing an immutable record of the build process.
An attestation is a verifiable, cryptographically signed statement about a software artifact. In this integration, it refers to the verifiable evidence generated by GitHub (known as GitHub Artifact Attestations) that provides a secure, tamper-proof record of what happened during the build process.
Visit https://jfrog.com/jfrog-and-github/ for the latest information.