Code Signing - CI/CD用語集の定義
Code signing は、秘密鍵を使って artifact (バイナリ、イメージ、パッケージ) に署名し、誰もが対応する公開鍵でその発行元と完全性を検証できるようにします。
関連ガイド
Attestation - CI/CD Glossary DefinitionAn attestation is a signed statement about an artifact - its provenance, scan results, or test status - that…
Provenance - CI/CD Glossary DefinitionProvenance is verifiable metadata describing how an artifact was built - source, builder, and inputs - lettin…
Image Digest - CI/CD Glossary DefinitionAn image digest is the immutable SHA-256 hash identifying an exact container image. Pinning to a digest guara…