Company
Date Published
Author
Trevor Rosen
Word count
1774
Language
English
Hacker News points
None

Summary

Artifact Attestations, now generally available, is a GitHub feature for software supply chain security: it creates a verifiable link between a build artifact and the source commit and workflow that produced it. It uses the open-source Sigstore project for signing and verification, so a maintainer can publish a tamper-evident provenance record that ties an artifact to its build, and a consumer can check that record before trusting the artifact. The feature integrates into GitHub Actions with minimal setup, a few lines of YAML in a workflow, and attestations are verified with the GitHub CLI. Attestations for public repositories are written to Sigstore's public transparency log; attestations for private repositories are kept within GitHub and are not published to the public log. GitHub acts as a root certificate authority, issuing short-lived signing certificates bound to the workflow's OIDC identity, so maintainers never generate, store or rotate long-lived signing keys. The caveat a practitioner should keep in mind is that an attestation proves where and how an artifact was built, not that the build or its source is free of defects, and it only adds protection if verification is actually enforced at the point of consumption, for example before a binary or container image is deployed. Artifact Attestations aim to foster a cultural shift towards transparency in software origins, offering a foundational layer that complements, rather than replaces, existing application security practices.
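The "few lines of YAML" and the CLI verification the summary describes look like the following. This is an added example, not code from the original page or from GitHub's own documentation: the `actions/attest-build-provenance` action and the `gh attestation verify` subcommand are real, but the workflow name, the build command, the artifact path `dist/example-app.tar.gz` and the tag trigger are assumptions chosen for illustration.

```yaml
# Added example (not from the original page): build an artifact, attest its
# build provenance, then verify the attestation with the GitHub CLI.
# Workflow name, build command and artifact path are assumptions.
name: build-and-attest

on:
  push:
    tags: ["v*"]

# Least-privilege token: the attest step needs exactly these three scopes.
permissions:
  contents: read        # actions/checkout
  id-token: write       # OIDC token that Sigstore binds into the certificate
  attestations: write   # store the attestation through the GitHub API

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumed build step; any command that writes a file works here.
      - name: Build release artifact
        run: |
          mkdir -p dist
          tar -czf dist/example-app.tar.gz src/

      # Signs an in-toto provenance statement whose subject is the SHA-256
      # digest of the file, using a short-lived certificate issued for this
      # workflow run's identity. No long-lived key is created or stored.
      - name: Attest build provenance
        uses: actions/attest-build-provenance@v1
        with:
          subject-path: dist/example-app.tar.gz

      # Consumer-side check, placed in the same workflow only to keep the
      # example self-contained. --repo pins the expected source repository:
      # an artifact with a valid attestation from any other repository fails.
      - name: Verify attestation
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh attestation verify dist/example-app.tar.gz \
            --repo "${{ github.repository }}"
```

In a real pipeline the verify step belongs where the artifact is consumed (a deploy job, a release-download script, an admission check for container images), not in the workflow that produced it. `--owner ORG` instead of `--repo OWNER/REPO` relaxes the check to any repository in the organization, which is convenient but lets an attestation from an unrelated repository in the same org pass; pin the repository when the consumer knows which one it expects.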