diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 48c960c..0401c2b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -51,6 +51,8 @@ jobs:
 
     permissions:
       contents: write
+      attestations: write
+      id-token: write
 
     steps:
       - name: Checkout code
@@ -67,6 +69,11 @@ jobs:
           cd out
           7z a -tzip -mx7 ${{ env.PLUGIN_NAME }}.zip *
 
+      - name: Generate artifact attestation
+        uses: actions/attest-build-provenance@v2
+        with:
+          subject-path: 'out/${{ env.PLUGIN_NAME }}.zip'
+
       - name: Create ${{ env.PLUGIN_NAME }} GitHub release
         uses: ncipollo/release-action@v1.13.0
         with: