Attestation - CI/CD Glossary Definition
An attestation is a signed statement about an artifact, such as its provenance, SBOM, or test results, bound to the artifact by a cryptographic digest so claims can be verified later.
In CI
GitHub Actions can produce build provenance attestations with actions/attest-build-provenance, signing them via Sigstore so consumers verify them with gh attestation verify.
Related guides
Provenance - CI/CD Glossary DefinitionProvenance: Provenance is verifiable metadata describing how an artifact was built: the source commit, builde…
Sigstore - CI/CD Glossary DefinitionSigstore: Sigstore is an open-source project for signing and verifying software artifacts using short-lived,…
Code Signing - CI/CD Glossary DefinitionCode Signing: Code signing is applying a cryptographic signature to a binary or package so recipients can ver…