https://www.advancingengineering.dev/tags/github-actions/Recent content in Github-Actions on Advancing EngineeringHugoenWed, 20 May 2026 19:16:16 +0100https://www.advancingengineering.dev/posts/2026-05-supply-chain-security--the-second-coming-of-signing-provenance/Wed, 20 May 2026 08:54:21 +0100https://www.advancingengineering.dev/posts/2026-05-supply-chain-security--the-second-coming-of-signing-provenance/<!-- Summary paragraph (shown in post listings) --> <p>The first wave of software signing asked a simple question: <em>who signed this artifact?</em> The next wave asks a harder one: <em>can you prove where it came from, how it was built, and whether it ever left the trusted path?</em> That shift, from signing files to signing provenance, is where supply chain security is heading.</p>