What Is a Reproducible Build?
A reproducible build is one where compiling the same source with the same toolchain yields a bit-for-bit identical artifact, regardless of when or where it runs. This lets independent parties rebuild and confirm that a published binary truly came from the claimed source. It is a cornerstone of software supply-chain trust.
Why it matters
If a build is reproducible, anyone can verify that a released binary was not tampered with by rebuilding it and comparing hashes. Achieving it requires removing nondeterminism like embedded timestamps, file-ordering differences, and absolute paths.
Related concepts
- Hermetic builds are usually required to get there
- Build provenance records how the artifact was produced
- SLSA levels reward reproducibility
Related guides
What Is a Hermetic Build?A hermetic build depends only on explicitly declared, pinned inputs and is isolated from the host, so it prod…
What Is Build Provenance?Build provenance is signed metadata describing how an artifact was built, including its source, inputs, and b…
What Is SLSA?SLSA is a security framework that defines graduated levels of build-integrity assurance to harden software su…