feat: add dual SBOMs, build provenance attestation, and release assets
Add release-assets job to publish workflow that generates CycloneDX and
SPDX SBOMs via anchore/sbom-action, signs all artifacts with Sigstore
via actions/attest-build-provenance, and uploads wheel/sdist to GitHub
releases. Improves OpenSSF Scorecard Signed-Releases from -1 to ~8/10.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>