diff --git a/.github/actions/build-electron/action.yml b/.github/actions/build-electron/action.yml
index 81f4d631ea..b2d1de032f 100644
--- a/.github/actions/build-electron/action.yml
+++ b/.github/actions/build-electron/action.yml
@@ -278,6 +278,11 @@ runs:
       with:
         name: generated_artifacts_${{ env.ARTIFACT_KEY }}
         path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}
+    - name: Generate artifact attestation
+      if: always() && !cancelled()
+      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
+      with:
+        subject-path: ./generated_artifacts_${{ inputs.artifact-platform }}_${{ inputs.target-arch }}/*
     - name: Upload Src Artifacts ${{ inputs.step-suffix }}
       uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
       with:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f940f98067..fada4d3c85 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -246,6 +246,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
@@ -265,6 +266,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
@@ -284,6 +286,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -307,6 +310,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -329,6 +333,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -350,6 +355,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -371,6 +377,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-windows
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
@@ -390,6 +397,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-windows
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
@@ -409,6 +417,7 @@ jobs:
       contents: read
       issues: read
       pull-requests: read
+      id-token: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-windows
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}