Immutable releases are releases where the assets and associated Git tag cannot be changed after publication. The use of this type of release increases security by blocking supply chain attacks.

Attackers cannot:

• Inject vulnerabilities or malware into current project releases.
• Make changes to assets and tags that may break developer workflows.

The releases tags and artefacts can be also cryptographically verified.