Provenance
Source: content/manual/06-glossary/supplychain/provenance.md
Definition
Metadata describing how an artifact was produced (who, what, when, from which sources and build systems).
Why it matters
Supports traceability, incident investigation, and policy enforcement.
Common pitfalls
- Capturing provenance but not storing or validating it at deploy time.
- Incomplete metadata (missing source or builder IDs).
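A deploy-time check covering both pitfalls, added here as an example and not taken from the manual. Field names follow the SLSA v1.0 provenance predicate. The builder ID, repository URI and sample artifact are constructed, and the statement is assumed to come from an envelope whose signature has already been verified.

```python
import hashlib

SLSA_V1 = "https://slsa.dev/provenance/v1"
TRUSTED_BUILDERS = {"https://builder.example/trusted-ci"}  # constructed allow-list

def check_provenance(statement, artifact_bytes, trusted_builders):
    """Return a list of policy violations; an empty list means the deploy may proceed."""
    problems = []
    if statement.get("predicateType") != SLSA_V1:
        problems.append("unexpected predicateType")
    # The provenance must describe this exact artifact, not merely exist.
    digest = hashlib.sha256(artifact_bytes).hexdigest()
    subjects = statement.get("subject") or []
    if not any((s.get("digest") or {}).get("sha256") == digest for s in subjects):
        problems.append("artifact digest not listed in subject")
    predicate = statement.get("predicate") or {}
    # Pitfall: missing builder ID.
    builder = (predicate.get("runDetails") or {}).get("builder") or {}
    builder_id = builder.get("id")
    if not builder_id:
        problems.append("missing builder id")
    elif builder_id not in trusted_builders:
        problems.append("untrusted builder: " + builder_id)
    # Pitfall: missing source. Require a dependency pinned by both URI and digest.
    deps = (predicate.get("buildDefinition") or {}).get("resolvedDependencies") or []
    if not any(d.get("uri") and d.get("digest") for d in deps):
        problems.append("missing source")
    return problems

def sample_statement(artifact_bytes, builder_id="https://builder.example/trusted-ci",
                     with_source=True):
    """Build a constructed in-toto statement for the given artifact bytes."""
    source = {"uri": "git+https://git.example/org/app",
              "digest": {"gitCommit": "0" * 40}}  # placeholder commit
    return {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "app.tar.gz",
                     "digest": {"sha256": hashlib.sha256(artifact_bytes).hexdigest()}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {"resolvedDependencies": [source] if with_source else []},
            "runDetails": {"builder": {"id": builder_id} if builder_id else {}},
        },
    }

if __name__ == "__main__":
    artifact = b"constructed sample artifact"
    print(check_provenance(sample_statement(artifact), artifact, TRUSTED_BUILDERS))
```

Any non-empty result should fail the deploy gate, so incomplete provenance is rejected rather than stored and ignored.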
References
- https://slsa.dev/spec
- Sigstore attestations
- manual/02-12factor/index.md
