Trace Deployments to CI/CD Pipeline and Commit

Tutorial

In this tutorial, you will publish a docker image and then trace the published image back to the GitHub Actions workflow run that pushed it and the commit that triggered the workflow.

Go to the Actions tab and run the Publish Docker workflow. This workflow is setup to publish a docker image to GitHub Container Registry in your forked repository.
Click on the StepSecurity Report link in the markdown
You will notice a tab for Provenance. Click on that tab. You should see a record for the container image that was published by the workflow.
The record shows the image's digest along with the workflow run that published it, and who triggered it etc.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provenance.md

Provenance.md

Trace Deployments to CI/CD Pipeline and Commit

Tutorial

Files

Provenance.md

Latest commit

History

Provenance.md

File metadata and controls

Trace Deployments to CI/CD Pipeline and Commit

Tutorial