From 6865550d0380db508fc599a58cc87c50c0bba5c5 Mon Sep 17 00:00:00 2001
From: Meredith Lancaster <malancas@users.noreply.github.com>
Date: Fri, 16 Jan 2026 10:20:21 -0800
Subject: [PATCH] Add more documentation on Artifact Metadata Storage Records
 (#797)

* add section on artifact storage records

Signed-off-by: Meredith Lancaster <malancas@github.com>

* reorganize storage record section

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add additional requirements for record generation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* typo

Signed-off-by: Meredith Lancaster <malancas@github.com>

* wording

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update README.md

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* lines should not exceed 80 characters

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Update README.md

Co-authored-by: Brian DeHamer <bdehamer@github.com>

* line wrapping linting

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
---
 README.md | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 98c7c73..a2f1c1d 100644
--- a/README.md
+++ b/README.md
@@ -253,10 +253,6 @@ the specific image being attested is identified by the supplied digest.
 Attestation bundles are stored in the OCI registry according to the [Cosign
 Bundle Specification][10].
 
-If the `push-to-registry` option is set to true, the Action will also
-emit an Artifact Metadata Storage Record. If you do not want to emit a
-storage record, set `create-storage-record` to `false`.
-
 > **NOTE**: When pushing to Docker Hub, please use "index.docker.io" as the
 > registry portion of the image name.
 
@@ -304,6 +300,25 @@ jobs:
           push-to-registry: true
 ```
 
+#### Artifact Metadata Storage Records
+
+If the `push-to-registry` option is set to true, the Action will also
+emit an [Artifact Metadata Storage Record](https://docs.github.com/en/rest/orgs/artifact-metadata?apiVersion=2022-11-28#create-artifact-metadata-storage-record).
+Storage records enrich artifact metadata by capturing storage
+related details, such as which registry an image is hosted on
+and whether it's marked as active.
+
+If you do not want to emit a storage record, set `create-storage-record` to `false`.
+
+> **NOTE**: Storage records can only be created for artifacts
+> built from [organization-owned](https://docs.github.com/en/organizations/collaborating-with-groups-in-organizations/about-organizations)
+> repositories.
+
+Artifacts associated with a storage record can be viewed by navigating to
+the `Linked Artifacts` page in your organization:
+`https://github.com/orgs/YOUR_ORG/artifacts`
+(replace `YOUR_ORG` with your organization name).
+
 ### Integration with `actions/upload-artifact`
 
 If you'd like to create an attestation for an archive created with the