Tutorials
On this page, you will find tutorials to get you started with Macaron. The tutorials show Macaron in action, analyzing a software component and its dependencies that are built using GitHub Actions or GitLab. Macaron supports artifacts published on GitHub release, Maven Central, or privately hosted registries, such as JFrog. For the full list of supported technologies, such as CI services, registries, and provenance types see this page.
- Analyzing and comparing different versions of an artifact
- Detecting malicious packages
- Provenance discovery, extraction, and verification
- Detecting a malicious Java dependency uploaded manually to Maven Central
- Generate Verification Summary Attestation
- How to use Verification Summary Attestations
- Exclude and include checks in Macaron