Supply-Chain Security - CI/CD用語集の定義
supply-chain securityは、ソースコードから依存関係、build、releaseまでの経路全体を改ざんから守る取り組みで、署名、provenance、pinningを用いて整合性を確保します。
関連ガイド
SLSA - CI/CD Glossary DefinitionSLSA is a security framework defining graded levels of build and release integrity, from basic provenance up…
Signed Commits - CI/CD Glossary DefinitionSigned commits attach a cryptographic signature to each commit so its author can be verified, proving history…
Build Provenance - CI/CD Glossary DefinitionBuild provenance is the verifiable record a CI system emits of how an artifact was produced - which commit, w…