Provenance Attestation - CI/CD用語集の定義
provenance attestationは、artifactのbuild入力、builder、手順を記述した、署名付きで機械可読な文書(例: in-toto/SLSA形式)であり、artifactが信頼またはdeployされる前に検証されます。
関連ガイド
SLSA - CI/CD Glossary DefinitionSLSA is a security framework defining graded levels of build and release integrity, from basic provenance up…
Build Provenance - CI/CD Glossary DefinitionBuild provenance is the verifiable record a CI system emits of how an artifact was produced - which commit, w…
Signed Commits - CI/CD Glossary DefinitionSigned commits attach a cryptographic signature to each commit so its author can be verified, proving history…