Learn how to create attestations for Software Bill of Materials (SBOM) documents in GitHub Actions. This process helps provide confidence in the dependencies and components used in your NuGet packages or applications. The guide explains how to use GitHub's `actions/attest-sbom` action and addresses the challenges with verifying attestations for NuGet packages due to modifications made by nuget.org.
Table of contents
- Supply chain security and attestations
- Generating attestations for an SBOM
- Updating a workflow to generate SBOM attestations
- Viewing the output of the attestation
- Verifying SBOM attestations
- Summary