ITSEC-2280 Add the remaining artifacts for SBOM signing (#250)

* ITSEC-2280 Add Dependency Review job; Add SBOM signing. * ITSEC-2280 Update CODEOWNERS to include Product Security on .github * ITSEC-2280: Fix the dependency review action Signed-off-by: immutable-art <[email protected]> * ITSEC-2280 Update permissions for GH attestations Signed-off-by: immutable-art <[email protected]> * ITSEC-2280: Add 'contracts' for artifact signing Signed-off-by: immutable-art <[email protected]> * ITSEC-2280: Add the remaining meta files for attestation Signed-off-by: immutable-art <[email protected]> --------- Signed-off-by: immutable-art <[email protected]>
immutable · Oct 17, 2024 · 7fe0e65 · 7fe0e65
1 parent 5e55aec
commit 7fe0e65
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -67,6 +67,9 @@ jobs:
           subject-path: |
             dist
             contracts
+            README.md
+            LICENSE.md
+            package.json
   
       - name: Publish package
         uses: JS-DevTools/npm-publish@v1