Category Direction - Secure Artifacts

The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features or functionality remain at the sole discretion of GitLab Inc.

Secure Artifacts
- Introduction and how you can help
- Overview

Secure Artifacts


Stage	Verify
Maturity	Minimal
Content Last Reviewed	`2024-07-16`

Introduction and how you can help

Thanks for visiting this category direction page on Secure Artifacts in GitLab. This page belongs to the Pipeline Security group of the Govern stage and is maintained by Jocelyn Eillis (E-Mail).

This direction page is a work in progress, and everyone can contribute:

Please comment and contribute in the linked issues and epics on this page. Sharing your feedback directly on GitLab.com is the best way to contribute to our strategy and vision.
Please share feedback directly via email or schedule a video call. If you're a GitLab user and have direct knowledge of your need for securing artifacts as part of securing your software supply chain, we'd especially love to hear from you.

Overview

Artifacts are a by-product produced during the software development process. They can be used as a roadmap to trace the development process. Securing release artifacts is a critical piece to ensure software supply chain security. Secure Artifacts includes:

Signed artifacts
Tamper-proofing of artifacts
Notification of tampering/potential security breach of artifacts (i.e. counterfeit signature)
Authentication of artifacts
Artifact access and restrictions

We are focused on providing capabilities to provide signature and verification of artifacts in compliance with Supply-chain Levels for Software Artifacts (SLSA) guidelines.