Skip to content
Latchkey

What Is a Reproducible Build?

A reproducible build is one where compiling the same source with the same toolchain yields a bit-for-bit identical artifact, regardless of when or where it runs. This lets independent parties rebuild and confirm that a published binary truly came from the claimed source. It is a cornerstone of software supply-chain trust.

Why it matters

If a build is reproducible, anyone can verify that a released binary was not tampered with by rebuilding it and comparing hashes. Achieving it requires removing nondeterminism like embedded timestamps, file-ordering differences, and absolute paths.

Related concepts

  • Hermetic builds are usually required to get there
  • Build provenance records how the artifact was produced
  • SLSA levels reward reproducibility

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →