Witness

DevOps Engineer

Dec 5, 2023 · Information Security

Using Witness for Software Supply Chain Security in Non‑GitHub Environments

This article explains how to generate and verify software artifact provenance with the Witness framework in non‑GitHub ecosystems, covering installation, key creation, configuration, running, signing, and policy verification to achieve higher SLSA levels.