---
component: provenance-governor
version: "1.7"
slug: provenance-governor/ci-cd-integration
canonical_url: "https://docs.gradle.com/develocity/provenance-governor/1.7/ci-cd-integration/"
title: "CI/CD Integration"
description: "Integrating Develocity Provenance Governor with CI/CD systems and workflows."
keywords:
  - "continuous integration"
  - "attestation"
  - "supply chain"
  - "API"
status: current
---

<!-- llms-index: https://docs.gradle.com/develocity/llms.txt -->

# CI/CD Integration

<a id="github-actions"></a>

## GitHub Actions

[GitHub Actions](https://github.com/gradle/develocity-provenance-governor-actions) are provided for both attestation publishing and enforcement of Policy Scan™ evaluations as part of your workflow.

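Both actions authenticate to the Develocity Provenance Governor API with a GitHub token, and your access control policy can match on that token's issuer and claims. For example, the following policy accepts tokens issued by GitHub Actions whose `repository_owner` claim is `example-org`: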

```yaml
apiVersion: policy.gradle.com/v1
kind: AccessControl
metadata:
  name: example
spec:
  identityMatchingStrategy:
    withOidc:
      - withIssuerUri: "https://token.actions.githubusercontent.com"
        withClaims:
          repository_owner: example-org
```
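To see which workflows a rule like this admits, the following added example (not code from Develocity Provenance Governor) evaluates the policy above and a narrower, hypothetical variant against constructed token claims. It assumes the matcher requires an exact issuer match and an exact match on every claim under `withClaims`. The `repository` claim is a standard GitHub OIDC claim, and the helper names and sample repositories are made up for the demonstration.

```python
import base64
import json

GITHUB_ISSUER = "https://token.actions.githubusercontent.com"

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(owner: str, repo: str, iss: str = GITHUB_ISSUER) -> str:
    """Constructed, unsigned JWT-shaped sample; not a real GitHub token."""
    claims = {"iss": iss, "repository_owner": owner, "repository": f"{owner}/{repo}"}
    return ".".join([_b64url({"alg": "none"}), _b64url(claims), ""])

def read_claims(token: str) -> dict:
    """Decode the payload only. A real verifier checks the signature
    against the issuer's published keys before trusting any claim."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def rule_matches(rule: dict, claims: dict) -> bool:
    """Assumed semantics: exact issuer match, then exact match on every
    claim listed under withClaims (a missing claim never matches)."""
    if claims.get("iss") != rule["withIssuerUri"]:
        return False
    return all(claims.get(k) == v for k, v in rule.get("withClaims", {}).items())

def allowed(rules: list, token: str) -> bool:
    claims = read_claims(token)
    return any(rule_matches(rule, claims) for rule in rules)

# The page's policy, then a hypothetical variant that also pins the repository.
ORG_WIDE = [{"withIssuerUri": GITHUB_ISSUER,
             "withClaims": {"repository_owner": "example-org"}}]
REPO_SCOPED = [{"withIssuerUri": GITHUB_ISSUER,
                "withClaims": {"repository_owner": "example-org",
                               "repository": "example-org/payments"}}]

# Constructed sample tokens covering the cases worth checking.
TOKENS = {
    "payments": make_token("example-org", "payments"),
    "sandbox": make_token("example-org", "sandbox"),
    "other-org": make_token("other-org", "payments"),
    "other-issuer": make_token("example-org", "payments", iss="https://idp.example.net"),
}

if __name__ == "__main__":
    for name, tok in TOKENS.items():
        print(f"{name:13} org-wide={allowed(ORG_WIDE, tok)} repo-scoped={allowed(REPO_SCOPED, tok)}")
```

Under these assumptions the org-wide rule admits every repository owned by `example-org`, including `sandbox`, while the repository-scoped rule admits only `example-org/payments`.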

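Usage examples follow. Both reference the actions at `@main`, which tracks the branch head; pin to a full commit SHA if the workflow must not change when that branch does.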

**Publish Attestation Example:**

```yaml
uses: gradle/develocity-provenance-governor-actions/publish@main
with:
  attestation-publisher-url: 'https://provenance-governor.example.com'
  build-scan-ids: eo5xxyg3drtoc
  build-scan-queries: 'value:"CI run=${{ github.run_id }}"'
  subject-type: oci
  subject-name: java-payment-calculator
  subject-version: 1.2.3
  subject-digest: 1a6b2bf83435f2a9ccd33519ad3e817bf79aee6af1c7a15d26d8a256bfa9cc94
  subject-repository-url: develocitytia.jfrog.io/docker-trial
```

**Enforce Policy Example:**

```yaml
uses: gradle/develocity-provenance-governor-actions/enforce@main
with:
  policy-evaluator-url: 'https://provenance-governor.example.com'
  subject-type: oci
  subject-name: java-payment-calculator
  subject-version: 1.2.3
  subject-digest: 1a6b2bf83435f2a9ccd33519ad3e817bf79aee6af1c7a15d26d8a256bfa9cc94
  subject-repository-url: develocitytia.jfrog.io/docker-example-repo
  policy-scan: ci-enforcement
```

<a id="integration-with-other-cicd"></a>

## Integration with Other CI/CD

The REST API supports attestation publishing and Policy Scan evaluation from any automation. See [Operations](https://docs.gradle.com/develocity/provenance-governor/1.7/api-reference/) for endpoint details and further scriptable examples.