In this tutorial, you will publish a docker image and then trace the published image back to the GitHub Actions workflow run that pushed it and the commit that triggered the workflow.
-
Go to the
Actionstab and run thePublish Dockerworkflow. This workflow is setup to publish a docker image toGitHub Container Registryin your forked repository. -
Click on the
StepSecurity Reportlink in the markdown -
You will notice a tab for
Provenance. Click on that tab. You should see a record for the container image that was published by the workflow. -
The record shows the image's digest along with the workflow run that published it, and who triggered it etc.
