Provenance
5 items tagged with "provenance"
Best Practices2
Sigstore Keyless Signing
An open standard for signing software artifacts using short-lived certificates tied to identity, removing the burden of managing long-lived private keys.
in-toto Supply Chain Attestation
A framework that secures the software supply chain by cryptographically verifying that each step in the build and release process was performed as intended.
Glossaries3
Attestation
An attestation is a signed, machine-readable statement about a software artifact — such as how it was built or what it contains — that a consumer can cryptographically verify.
Provenance
Provenance is verifiable metadata that records where a software artifact came from and how it was built — its source, build system, and inputs — so consumers can trace and trust it.
SLSA (Supply-chain Levels for Software Artifacts)
SLSA is a security framework that defines graduated levels of build integrity and provenance for software artifacts, so teams can measure and improve how trustworthy their builds are.