From eb2af168f54d9ece7c2b6ff718c1d195bda801fc Mon Sep 17 00:00:00 2001
From: Krishna Manchikalapudi <krishnam@jfrog.com>
Date: Tue, 7 Oct 2025 10:00:24 -0700
Subject: [PATCH] attestation with subejct-path

---
 .github/workflows/jf-cli.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/jf-cli.yml b/.github/workflows/jf-cli.yml
index 291b5f3ae..9dd022e88 100755
--- a/.github/workflows/jf-cli.yml
+++ b/.github/workflows/jf-cli.yml
@@ -231,11 +231,14 @@ jobs:
           jf rt bdc ${{env.RT_REPO_DOCKER_VIRTUAL}} --image-file ${{env.DOCKER_METADATA_JSON}} --build-name=${{env.BUILD_NAME}} --build-number=${{env.BUILD_ID}}
 
 
-      - name: "Evidence: GitHub Attestation"
-        uses: actions/attest-build-provenance@v3
+      - name: "Evidence: GitHub Attestation"  
+        uses: actions/attest-build-provenance@v3     # https://github.com/marketplace/actions/attest-build-provenance
         with:
           subject-name: "oci://${{env.RT_REPO_DOCKER_URL}}"
-          subject-digest: "${{env.DOCKER_IMAGE_DIGEST}}"   #  "${{steps.config-docker.outputs.digest}}"
+          subject-digest: "${{env.DOCKER_IMAGE_DIGEST}}"   
+          subject-path: "${{env.RT_REPO_DOCKER_URL}}"
+          show-summary: true
+          github-token: ${{secrets.GITHUB_TOKEN}} 
 
 
       - name: "BuildInfo: Build Publish"