Not sure if this works with artifacts pushed to GHCR (GitHub Container Registry), for example Docker containers. I think not.
<p>But it's still a good step towards more integrity in the software supply chain.
<p><pre><code> We’re thrilled to announce the general availability of GitHub Artifact Attestations! Artifact Attestations allow you to guarantee the integrity of artifacts built inside GitHub Actions by creating and verifying signed attestations.</code></pre>