Provenance Attestation
What is Provenance Attestation?
A signed, machine-verifiable statement that describes how a software artifact was produced - including source, build system, parameters, and dependencies - so consumers can trust its origin.
A provenance attestation answers the question "where did this artifact come from?" with cryptographic evidence rather than trust by convention. Standard formats include in-toto attestations and SLSA Provenance v1, which capture the source repository commit, build platform, recipe, materials, and timestamps and are signed by the builder. Consumers verify attestations against a policy: trusted builder identity, allowed source repos, expected workflow, SLSA level, and so on. Tools such as Sigstore Cosign, GitHub Actions, Tekton Chains, GitLab CI, and SLSA-compliant build platforms generate attestations automatically. Provenance is a key control to detect tampered binaries and to enforce regulatory expectations like US EO 14028 and the EU Cyber Resilience Act.
● Examples
- 01: SLSA Provenance v1 generated by a GitHub reusable workflow and verified at deploy time.
- 02: Kyverno policy requiring trusted-builder provenance on every container image.
● Frequently asked questions
What is Provenance Attestation?
A signed, machine-verifiable statement that describes how a software artifact was produced - including source, build system, parameters, and dependencies - so consumers can trust its origin. It belongs to the Application Security category of cybersecurity.
What does Provenance Attestation mean?
A signed, machine-verifiable statement that describes how a software artifact was produced - including source, build system, parameters, and dependencies - so consumers can trust its origin.
How does Provenance Attestation work?
A provenance attestation answers the question "where did this artifact come from?" with cryptographic evidence rather than trust by convention. Standard formats include in-toto attestations and SLSA Provenance v1, which capture the source repository commit, build platform, recipe, materials, and timestamps and are signed by the builder. Consumers verify attestations against a policy: trusted builder identity, allowed source repos, expected workflow, SLSA level, and so on. Tools such as Sigstore Cosign, GitHub Actions, Tekton Chains, GitLab CI, and SLSA-compliant build platforms generate attestations automatically. Provenance is a key control to detect tampered binaries and to enforce regulatory expectations like US EO 14028 and the EU Cyber Resilience Act.
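The policy-verification step described above, as an added example that is not part of the original page: it decodes a DSSE envelope carrying an in-toto v1 Statement with a SLSA Provenance v1 predicate and checks the subject digest, builder identity, source repository and workflow against a local policy. The sample statement, envelope and policy values are constructed; the envelope signature is assumed to have already been verified by the caller (for example by Cosign), since that step needs the builder's key material.

```python
import base64, json

# Constructed sample: in-toto Statement whose predicate is SLSA Provenance v1,
# shaped like the output of the slsa-github-generator container workflow.
STATEMENT = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "ghcr.io/example/app", "digest": {"sha256": "ab" * 32}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1",
            "externalParameters": {"workflow": {"ref": "refs/heads/main",
                "repository": "https://github.com/example/app",
                "path": ".github/workflows/release.yml"}},
        },
        "runDetails": {"builder": {"id": "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/tags/v2.0.0"}},
    },
}
# DSSE envelope as emitted by a builder; signature value is a placeholder (assumed verified).
ENVELOPE = {
    "payloadType": "application/vnd.in-toto+json",
    "payload": base64.b64encode(json.dumps(STATEMENT).encode()).decode(),
    "signatures": [{"keyid": "", "sig": "<signature-placeholder>"}],
}
# Constructed consumer policy: who may build, from where, and with which workflow.
POLICY = {
    "trusted_builders": {"https://github.com/slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@refs/tags/v2.0.0"},
    "allowed_repos": {"https://github.com/example/app"},
    "required_workflow": ".github/workflows/release.yml",
}

def evaluate(envelope, artifact_sha256, policy):
    """Return the list of policy violations for an artifact digest (empty list = admit)."""
    problems = []
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        return ["unexpected DSSE payloadType"]
    stmt = json.loads(base64.b64decode(envelope["payload"]))
    if stmt.get("_type") != "https://in-toto.io/Statement/v1" or \
            stmt.get("predicateType") != "https://slsa.dev/provenance/v1":
        problems.append("not an in-toto v1 Statement with a SLSA Provenance v1 predicate")
    # The attestation only vouches for artifacts listed in its subject; bind it to this digest.
    digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if artifact_sha256 not in digests:
        problems.append("artifact digest not among attestation subjects")
    pred = stmt.get("predicate", {})
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["trusted_builders"]:
        problems.append(f"untrusted builder: {builder}")
    wf = pred.get("buildDefinition", {}).get("externalParameters", {}).get("workflow", {})
    if wf.get("repository") not in policy["allowed_repos"]:
        problems.append(f"source repo not allowed: {wf.get('repository')}")
    if wf.get("path") != policy["required_workflow"]:
        problems.append(f"unexpected workflow: {wf.get('path')}")
    return problems
```

A deploy gate would call `evaluate()` with the digest of the image it is about to admit and refuse anything with a non-empty result.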
How do you defend against Provenance Attestation?
Defences for Provenance Attestation typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Provenance Attestation?
Common alternative names include: SLSA provenance, Build provenance.
● Related terms
- SLSA Framework (appsec № 1053): Supply-chain Levels for Software Artifacts: a tiered set of requirements published by OpenSSF that progressively hardens how software is built, signed, and verified against supply-chain tampering.
- in-toto (appsec № 522): An open framework that cryptographically attests to every step of a software supply chain so that consumers can verify the artifact was built and handled exactly as the project owner intended.
- Sigstore (appsec № 1044): An open-source Linux Foundation project that makes signing, verifying, and protecting software artifacts easy by combining short-lived keys, OIDC identities, and a transparency log.
- Cosign (appsec № 226): An open-source CLI from the Sigstore project for signing, verifying, and attesting to OCI artifacts and other software using either keyed or keyless workflows.
- Software Supply Chain Security (appsec № 1069): The discipline of protecting every link of the software production chain - source, dependencies, build, signing, distribution, and deployment - against tampering, malicious code, and integrity loss.
- Reproducible Builds (appsec № 921): Build practices that ensure compiling the same source code with the same instructions produces a bit-for-bit identical artifact, regardless of when or where it is built.