diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5c3c1bf..684de45 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,10 @@ jobs:
             runner: macos-14
       fail-fast: false
     runs-on: ${{ matrix.runner }}
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     steps:
       - uses: actions/checkout@v4
       - run: pipx install poetry
@@ -39,6 +43,9 @@ jobs:
       - run: poetry install --only=main,nuitka --sync --no-root --extras=non-termux --no-interaction
       - run: poetry run --no-interaction python -m nuitka --standalone --python-flag='-m' --assume-yes-for-downloads nitro_generator_checker
       - run: mv config.toml nitro_generator_checker.dist/
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: nitro_generator_checker.dist
       - uses: actions/upload-artifact@v4
         with:
           name: artifact-${{ matrix.name }}