That's why I stick mostly with GitHub Actions and pin the SHA of the commits instead of the tag version.

yes, it supports it, but it's not the default, it's a pain and fills your build file with a load of noise

so very few use it

it's not made obvious that the tag isn't immutable

although you might be happy with the contents of what you've imported right now, who says it won't be malicious in a year's time

people inadvertently give full control of their build and all their secrets to whoever controls that repository (now, and in the future)

making it easy to do the right thing is an important part of API design and building secure systems, and these CI systems fail miserably there

Immutable releases are in public preview and hopefully will make it easier to do the right thing.

https://github.blog/changelog/2025-08-26-releases-now-suppor...

I don't see how that solves this problem as long as the attacker can delete and recreate a repository

sigstore's main design goal seems to be to increase the lock-in of "trusted" providers

(the idea that Microsoft should be trusted for anything requiring any level of security is entirely ludicrous)

It’s a good first step, but a significant number of GitHub Actions pull a Docker image from a repository such as Docker Hub. In those cases, the GitHub Action being immutable wouldn’t prevent the downstream Docker image from being mutated.
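The two mitigations raised in this thread (pin a GitHub Action to a full commit SHA rather than a tag, and pin a container image to its `sha256` digest rather than a tag) can be checked mechanically. The script below is an added example written for this thread, not code from any commenter or from GitHub; it scans workflow `uses:` lines and Dockerfile `FROM` lines and reports every reference that still points at a mutable name. The workflow, Dockerfile, repository names (`example-org/...`, `example.invalid/...`), SHAs and digests are all constructed for the example; the `uses:` syntax it parses (`owner/repo@ref`, `docker://image`, `./local-path`) is the real GitHub Actions grammar.

```python
import re
from dataclasses import dataclass

# A full 40-hex commit SHA is the only immutable ref for an action;
# tags and branches can be moved or deleted and recreated.
HEX40 = re.compile(r"^[0-9a-f]{40}$")
# A container image is immutable only when addressed by content digest.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FROM_LINE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)", re.IGNORECASE)

# Constructed sample workflow (hypothetical org and action names).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout@v4
      - uses: example-org/setup@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/lint@main
      - uses: docker://example.invalid/tool:1.0
      - uses: docker://example.invalid/tool@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
      - uses: ./.github/actions/local-step
      - run: echo build
"""

# Constructed sample Dockerfile (hypothetical registry and image).
SAMPLE_DOCKERFILE = """\
FROM example.invalid/base:3.20 AS build
FROM example.invalid/base@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef AS runtime
FROM scratch
"""


@dataclass(frozen=True)
class Finding:
    ref: str     # the reference exactly as written in the file
    kind: str    # "action" or "image"
    status: str  # "immutable", "mutable" or "local"


def classify_uses(value: str) -> str:
    """Classify one `uses:` value from a GitHub Actions workflow."""
    if value.startswith("./"):
        return "local"              # checked-out code, nothing fetched
    if value.startswith("docker://"):
        return "immutable" if DIGEST.search(value) else "mutable"
    if "@" not in value:
        return "mutable"            # no ref at all: resolves to default branch
    ref = value.rpartition("@")[2]
    return "immutable" if HEX40.match(ref) else "mutable"


def classify_image(value: str) -> str:
    """Classify one `FROM` image reference from a Dockerfile."""
    if value.lower() == "scratch":
        return "local"              # built-in empty base, nothing fetched
    return "immutable" if DIGEST.search(value) else "mutable"


def audit_workflow(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = USES_LINE.match(line)
        if m:
            findings.append(Finding(m.group(1), "action", classify_uses(m.group(1))))
    return findings


def audit_dockerfile(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = FROM_LINE.match(line)
        if m:
            findings.append(Finding(m.group(1), "image", classify_image(m.group(1))))
    return findings


def mutable_refs(findings: list[Finding]) -> list[str]:
    """Return only the references that an upstream owner could silently change."""
    return [f.ref for f in findings if f.status == "mutable"]


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW) + audit_dockerfile(SAMPLE_DOCKERFILE):
        print(f"{f.status:9} {f.kind:6} {f.ref}")
```

The check deliberately treats a tag, a branch and a missing ref the same way: all three resolve at run time to whatever the remote currently says, which is exactly the exposure the thread describes. Pinning to a SHA or digest closes that, but only for the layer being pinned; an action pinned by SHA that itself does `docker pull image:tag` is still mutable one level down, which is why both scanners are needed.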