Provenance - CI/CD Glossary Definition
Provenance is verifiable metadata describing how an artifact was built: the source commit, builder, and inputs. The SLSA framework defines a standard provenance format for supply-chain trust.
Why it matters
Provenance lets consumers confirm an artifact came from the expected pipeline and was not swapped or tampered with after the build.
Related guides
Attestation - CI/CD Glossary DefinitionAttestation: An attestation is a signed statement about an artifact, such as its provenance, SBOM, or test re…
Software Bill of Materials (SBOM) - CI/CD Glossary DefinitionSoftware Bill of Materials (SBOM): A software bill of materials (SBOM) is a machine-readable inventory of eve…
Sigstore - CI/CD Glossary DefinitionSigstore: Sigstore is an open-source project for signing and verifying software artifacts using short-lived,…