Build a trusted CI/CD pipeline where every used open source project, artifact, or module (hopefully) is known and compatibility-tested before being integrated into a release that is going to be shipped or deployed is the most important start.
Learn how to use CodeNotary vcn (https://github.com/codenotary/vcn/rel...) to notarize every step and artifact within the pipeline by people (Developers, QA) or systems (vulnerability checker, compatibility testing software aso.) in your GitHub Actions.
https://www.codenotary.com
On this page of the site you can watch the video online Tutorial: Secure your source code and artifacts using CodeNotary vcn and GitHub Actions with a duration of hours minute second in good quality, which was uploaded by the user CodeNotary 10 April 2021, share the link with friends and acquaintances, this video has already been watched 155 times on youtube and it was liked by 1 viewers. Enjoy your viewing!