Integrating Asset Transparency into your software release process helps protect your users from attacks on your file servers. There are several options for integrating it quickly into an existing release process.
GitHub Release Assets are a common place for projects to host their downloadable files. If you are using GitHub, check out the Asset Transparency GitHub Action for release assets.
Run tl verify in Release Scripts
Many projects have release scripts that maintainers run to build and upload releases. A simple solution is to run tl verify $URL $LOCAL_FILE in those scripts to add uploaded assets to Asset Transparency. Download tl for macOS, Linux, and Windows. If you prefer containers, see the docker run example documentation.
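An added example, not code from the Asset Transparency project: a POSIX shell function that a release script could call after uploading, running tl verify $URL $LOCAL_FILE from above over every asset and failing the release if any check fails. The manifest format, the TL_BIN variable, and the assumption that tl exits non-zero when verification fails are this example's own.

```shell
#!/bin/sh
# Post-upload step for a release script (added example).
# Assumptions: `tl` is on PATH (or TL_BIN names it) and exits non-zero
# when verification fails. The manifest format below is hypothetical.
#
# Usage inside a release script, after the upload step:
#   verify_release_assets release-manifest.txt || exit 1

# verify_release_assets MANIFEST
#   MANIFEST lines: "<download URL> <local file path>"
#   Blank lines and lines starting with '#' are skipped.
#   Returns 0 only if every asset verified, 1 if any failed,
#   2 if the manifest cannot be read.
verify_release_assets() {
    manifest=$1
    failed=0
    if [ ! -r "$manifest" ]; then
        echo "manifest not readable: $manifest" >&2
        return 2
    fi
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r url file || [ -n "$url" ]; do
        case $url in ''|'#'*) continue ;; esac
        # Compare against the artifact that was built locally, so a file
        # swapped on the server after upload shows up as a mismatch.
        if [ ! -f "$file" ]; then
            echo "missing local build artifact: $file" >&2
            failed=1
            continue
        fi
        # </dev/null stops tl from consuming the rest of the manifest.
        if "${TL_BIN:-tl}" verify "$url" "$file" </dev/null; then
            echo "ok: $url"
        else
            echo "FAILED: $url ($file)" >&2
            failed=1
        fi
    done < "$manifest"
    # Every asset is checked before failing, so one run reports all problems.
    return "$failed"
}
```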
Use a shell script
Larger projects or projects with tight security auditing may have trouble introducing a new tool or container to the release environment. In that case, consider using this easy-to-audit shell script.