Artifact Signing - CI/CD Glossary Definition
Artifact signing uses a private key (often managed by a KMS or keyless via sigstore) to sign a released binary, image, or package, so downstream systems verify its origin and integrity with the matching public key before trusting or deploying it.
Related guides
Key Management - CI/CD Glossary DefinitionKey management is the lifecycle of cryptographic keys - generation, storage, rotation, revocation - so CI sig…
Bit-for-Bit - CI/CD Glossary DefinitionBit-for-bit means two builds produce byte-identical output, so anyone can rebuild from source and prove an ar…
Build Cache Poisoning - CI/CD Glossary DefinitionBuild cache poisoning injects malicious content into a shared build cache, so later builds restore tampered o…