Provenance Attestation - Definição do Glossário de CI/CD
Uma provenance attestation é uma declaração assinada e legível por máquina (por exemplo, no formato in-toto/SLSA) descrevendo as entradas de build, o builder e os passos de um artifact, verificada antes de o artifact ser considerado confiável ou implantado.
Guias relacionados
SLSA - CI/CD Glossary DefinitionSLSA is a security framework defining graded levels of build and release integrity, from basic provenance up…
Build Provenance - CI/CD Glossary DefinitionBuild provenance is the verifiable record a CI system emits of how an artifact was produced - which commit, w…
Signed Commits - CI/CD Glossary DefinitionSigned commits attach a cryptographic signature to each commit so its author can be verified, proving history…