v2.1.0

What's Changed

• Update README w/ note about GH plans supporting attestations by @bdehamer in #136
• Add attestation-id and attestation-url outputs by @bdehamer in #137

Full Changelog: v2.0.1...v2.1.0

v2.0.1

What's Changed

• Bump actions/attest from 2.0.0 to 2.0.1 by @bdehamer in #133
  • Deduplicate subjects before adding to in-toto statement

Full Changelog: v2.0.0...v2.0.1

v2.0.0

The attest-sbom action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

• Bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in #110
• Prepare v2.0.0 release by @bdehamer in #126
  • Bump actions/attest from 1.4.1 to 2.0.0 (w/ multi-subject attestation support)

Full Changelog: v1.4.1...v2.0.0

v1.4.1

What's Changed

• Bump actions/attest from 1.4.0 to 1.4.1 by @bdehamer in #98
  • Includes bug fix for issue with authenticated proxies (actions/toolkit#1798)

Full Changelog: v1.4.0...v1.4.1

v1.4.0

What's Changed

• Bump actions/attest from 1.3.3 to 1.4.0 by @bdehamer in #85
  • Add show-summary input
  • Format summary output as list

Full Changelog: v1.3.3...v1.4.0

v1.3.3

What's Changed

• Bump actions/attest from 1.3.2 to 1.3.3 by @bdehamer in #80
  • Bugfix for properly handling glob exclusion patterns in subject-path input

Full Changelog: v1.3.2...v1.3.3

v1.3.2

What's Changed

• Bump actions/attest from 1.3.1 to 1.3.2 by @bdehamer in #75
  • Increase timeout for OCI operations

Full Changelog: v1.3.1...v1.3.2

v1.3.1

What's Changed

• Bump actions/attest from 1.3.0 to 1.3.1 by @bdehamer in #72
  • Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: v1.3.0...v1.3.1

v1.3.0

What's Changed

• Bump actions/attest action to v1.3.0 by @bdehamer in #71
  • Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL
  • Improved handling of Rekor 409 responses
  • Bugfix - detection of registries with support for the OCI referrers API

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• Bump actions/attest from 1.1.2 to 1.2.0 by @bdehamer in #67
  • Batch processing w/ exponential backoff
  • Enforce 16MB limit on predicate size
  • Bugfix when pushing attestation to OCI registry

Full Changelog: v1.1.2...v1.2.0