Hash Verification - CI/CD Glossary Definition
Hash verification is recomputing an artifact's hash and comparing it to a trusted expected value to confirm integrity. A checksum proves nothing was altered; a signature also proves who produced it.
In CI
Package managers do this automatically: pip install --require-hashes and npm ci reject any dependency whose hash does not match the lockfile, blocking tampered packages.
Related guides
Checksum - CI/CD Glossary DefinitionChecksum: A checksum is a fixed-size value computed from a file with a hash function (such as SHA-256) that c…
Dependency Lock - CI/CD Glossary DefinitionDependency Lock: A dependency lock is a generated file (package-lock.json, yarn.lock, Cargo.lock, poetry.lock…
Supply Chain Attack - CI/CD Glossary DefinitionSupply Chain Attack: A supply chain attack compromises software by targeting its dependencies, build tools, o…