Andreas/mtg_python_deckbuilder
1
0
Fork 0
mirror of https://github.com/mwisnowski/mtg_python_deckbuilder.git synced 2026-04-05 12:47:17 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
mtg_python_deckbuilder/RELEASE_NOTES_TEMPLATE.md
mwisnowski 75184a5967
feat: add SBOM generation and build provenance attestation to release workflows (#69) 
* feat: add SBOM generation and build provenance attestation to release workflows

* docs: update release notes template with SBOM unreleased entry
2026-04-02 10:44:13 -07:00

6 lines
429 B
Markdown
Raw Blame History

# MTG Python Deckbuilder
## [Unreleased]
### Added
- **SBOM & supply chain provenance**: Every tagged release now attaches source SBOMs (SPDX + CycloneDX JSON) for Python dependencies and a CycloneDX container image SBOM to the GitHub Release assets. Build provenance attestations (SLSA-style) are published for the multi-arch Docker image via the GitHub Attestations API. `provenance: mode=max` is enabled on all arch builds.
Reference in a new issue View git blame Copy permalink