HomeJournalThis post

Build provenance should travel with releases

Release provenance connects a shipped artifact to its source, build instructions, dependencies, builder identity, verification policy, and promotion history.

JP
JP Casabianca
Designer/Engineer · Bogotá

A release tag tells me what a team intended to publish. It does not prove how the published bytes were produced.

The artifact may have come from a protected workflow, a maintainer laptop, a reused cache, a mutable dependency, an unreviewed parameter, or a rebuild after the tag moved. A checksum proves byte identity only after someone already trusts the place where that checksum came from.

The current SLSA v1.2 provenance specification models provenance as an attestation connecting artifact subjects to a build definition and run details, including builder identity and resolved dependencies.

I want that evidence to travel with the release and participate in promotion. Consumers should be able to verify both that the attestation covers these bytes and that the recorded builder, source, parameters, and signer satisfy policy.

Provenance becomes useful when it changes an allow-or-deny decision, not when it is another file nobody checks.

01 · ResolveFreeze every build input

Record source revision, workflow definition, external parameters, and dependency digests instead of relying on mutable names.

02 · ProduceBuild inside an identified boundary

A trusted platform emits artifacts and an attestation whose subject digests bind the evidence to exact outputs.

03 · VerifyApply promotion policy

Confirm signature, identity, subject, builder, source, parameters, and freshness before publishing or deploying.

Figure 1: Provenance links reviewed intent to shipped bytes.

Name the verification question

Start with the release claim a consumer needs to decide, because provenance fields without a policy become descriptive inventory rather than protection.

I would pressure-test that decision with four questions:

  • Which artifact is being trusted?
  • Which source and workflow are allowed?
  • Who may build it?
  • What decision changes on failure?

The failure mode here is collecting every possible field without defining an acceptance rule. In software releases, packages, containers, mobile binaries, static sites, firmware, and generated artifacts where a version label or checksum says what bytes exist but not which source, workflow, builder, parameters, and dependencies produced them, that can hide the exact boundary a reviewer or teammate needs to understand. My working artifact would be a release verification policy statement. I want it close enough to the implementation that it can change the work, not created afterward to decorate the story.

The result I would look for is one falsifiable gate at the promotion boundary. That is a narrower claim than saying the whole system improved, but it is also one I can verify and defend.

In practice, I would put a release verification policy statement beside the question “Which artifact is being trusted?” before the first implementation review. The next pass would use “Which source and workflow are allowed?” to test the boundary, then “Who may build it?” to expose the state most likely to be missed. I would keep “What decision changes on failure?” for the release check because it asks whether the decision still holds outside the ideal path. The work is ready to move when the artifact can explain the choice and the observed result supports one falsifiable gate at the promotion boundary.

Bind evidence to exact subjects

Artifact digests should identify every promoted output so provenance cannot float beside a tag that later points somewhere else.

The practical review starts here:

  • Which digest algorithm is accepted?
  • Does the subject cover every platform variant?
  • Can tags move independently?
  • Where is the digest rechecked?

Those questions keep signing a version name while deploying unverified bytes from becoming the default. I would capture the decision in a subject-to-release manifest, then use it while the work is still cheap to change. For releases whose origin and build path can be verified, the artifact should make ownership, constraint, and next action visible without requiring a private explanation.

Success would look like one-to-one binding between evidence and production artifacts. If I cannot point to that evidence, I have a direction, not a finished decision.

The implementation move is to make a subject-to-release manifest part of the working surface. I would use it to answer “Which digest algorithm is accepted?” while scope is still flexible, and “Does the subject cover every platform variant?” before code or content becomes expensive to unwind. During QA, “Can tags move independently?” and “Where is the digest rechecked?” become concrete checks rather than discussion prompts. That sequence turns releases whose origin and build path can be verified into something the team can operate and gives me a specific outcome to report: one-to-one binding between evidence and production artifacts.

  1. CandidateAttestation is generated

    The build completes, outputs are hashed, provenance is signed, and logs remain linked through an invocation ID.

  2. PromotedPolicy accepted the evidence

    The registry or deployment gate stores the decision, verifier version, policy revision, and accepted digest.

  3. InvestigatedEvidence answers an incident

    Teams query which releases used a source commit, builder mode, dependency, secret scope, or compromised signing identity.

Figure 2: Release evidence has a lifecycle beyond build success.

Record immutable source identity

Repository URL, commit digest, reviewed workflow definition, submodules, generated source, and source archives need stable identities rather than branch names.

Before implementation, I would answer:

  • Which commit was resolved?
  • Was the workflow part of reviewed source?
  • Can a tag be rewritten?
  • Which generated inputs exist?

The artifact is an immutable source descriptor. Its job is to expose the tradeoff early enough that design, engineering, support, or product can disagree with something concrete. The common trap is recording main or v1.4 as if it were permanent evidence; it moves uncertainty downstream and makes the final interface carry a problem the system never resolved.

For me, the useful receipt is a release traceable to the reviewed source state. That connects a signed provenance attestation bound to artifact digests and verified against an explicit build policy before promotion to an observable result instead of a process claim.

I would test this with one typical case and one boundary case. The typical case should make “Which commit was resolved?” easy to answer. The boundary should force a decision about “Was the workflow part of reviewed source?” and “Can a tag be rewritten?.” I would record both in an immutable source descriptor, including the part that stayed unresolved after the first pass. The final check, “Which generated inputs exist?,” is where the artifact earns its place: it either supports a release traceable to the reviewed source state, or it shows exactly why another iteration is needed.

Define the builder trust boundary

Builder identity should describe the control plane, runner mode, isolation, configuration, and people transitively trusted to produce accurate provenance.

I would use these prompts during the working review:

  • What does builder ID represent?
  • Are hosted and self-hosted modes distinct?
  • Who controls the runner image?
  • Can workloads edit the attestation?

If the team slips into using one friendly builder name for materially different trust modes, the product can still look complete while its operating rule stays ambiguous. I would make a builder identity and security model the shared reference and keep it small enough to update as evidence changes.

The standard is policy that distinguishes strong and weak production paths. That tells me whether the decision helped the product, not merely whether the document was completed.

The working sequence is small: draft a builder identity and security model, review it against “What does builder ID represent?,” implement the narrowest useful path, and then return with evidence for “Are hosted and self-hosted modes distinct?.” I would use “Who controls the runner image?” to inspect product consequence and “Can workloads edit the attestation?” to decide whether the result is stable enough to ship. This keeps using one friendly builder name for materially different trust modes visible as a known risk and makes policy that distinguishes strong and weak production paths the release receipt rather than a hopeful conclusion.

SignalDecisionWorking note
ChecksumThese bytes matchDetects corruption or substitution relative to a trusted digest, but does not explain who built the artifact or from what.
SignatureThis identity signedAuthenticates a statement or artifact, but the signed content must still carry trustworthy build facts and a valid scope.
ProvenanceThis builder produced these bytesDescribes source, inputs, process identity, and outputs; verification still needs consumer policy.
Figure 3: Common release receipts prove different things.

Capture external influence

Parameters, environment choices, release inputs, and dependencies controlled outside the trusted builder must be complete enough for a verifier to reject unexpected influence.

I would pressure-test that decision with four questions:

  • Which inputs can a caller set?
  • Are defaults recorded?
  • Can network fetches change the build?
  • Which configuration is evaluated client-side?

The failure mode here is omitting a dangerous parameter because it is normal in CI. In software releases, packages, containers, mobile binaries, static sites, firmware, and generated artifacts where a version label or checksum says what bytes exist but not which source, workflow, builder, parameters, and dependencies produced them, that can hide the exact boundary a reviewer or teammate needs to understand. My working artifact would be an external-parameter schema. I want it close enough to the implementation that it can change the work, not created afterward to decorate the story.

The result I would look for is a verifier that sees every consequential external choice. That is a narrower claim than saying the whole system improved, but it is also one I can verify and defend.

In practice, I would put an external-parameter schema beside the question “Which inputs can a caller set?” before the first implementation review. The next pass would use “Are defaults recorded?” to test the boundary, then “Can network fetches change the build?” to expose the state most likely to be missed. I would keep “Which configuration is evaluated client-side?” for the release check because it asks whether the decision still holds outside the ideal path. The work is ready to move when the artifact can explain the choice and the observed result supports a verifier that sees every consequential external choice.

Issue attestations at the build boundary

The platform should generate and sign provenance from observations it controls, not accept a JSON statement assembled by the untrusted build workload.

The practical review starts here:

  • Who observes the inputs?
  • Where are output digests calculated?
  • Can the job access signing keys?
  • Is the statement tamper-evident?

Those questions keep letting the same script build, describe, and sign itself from becoming the default. I would capture the decision in an attestation issuance architecture, then use it while the work is still cheap to change. For releases whose origin and build path can be verified, the artifact should make ownership, constraint, and next action visible without requiring a private explanation.

Success would look like evidence whose authority exceeds the artifact-producing workload. If I cannot point to that evidence, I have a direction, not a finished decision.

The implementation move is to make an attestation issuance architecture part of the working surface. I would use it to answer “Who observes the inputs?” while scope is still flexible, and “Where are output digests calculated?” before code or content becomes expensive to unwind. During QA, “Can the job access signing keys?” and “Is the statement tamper-evident?” become concrete checks rather than discussion prompts. That sequence turns releases whose origin and build path can be verified into something the team can operate and gives me a specific outcome to report: evidence whose authority exceeds the artifact-producing workload.

Verify signer and builder together

A valid signature is insufficient unless policy authorizes that signer to speak for the recorded builder and expected repository or workflow.

Before implementation, I would answer:

  • Which identity signed?
  • May it attest for this builder?
  • Is repository scope checked?
  • How is keyless identity anchored?

The artifact is a signer-builder authorization table. Its job is to expose the tradeoff early enough that design, engineering, support, or product can disagree with something concrete. The common trap is accepting any cryptographically valid signature; it moves uncertainty downstream and makes the final interface carry a problem the system never resolved.

For me, the useful receipt is an authenticated statement from the expected production boundary. That connects a signed provenance attestation bound to artifact digests and verified against an explicit build policy before promotion to an observable result instead of a process claim.

I would test this with one typical case and one boundary case. The typical case should make “Which identity signed?” easy to answer. The boundary should force a decision about “May it attest for this builder?” and “Is repository scope checked?.” I would record both in a signer-builder authorization table, including the part that stayed unresolved after the first pass. The final check, “How is keyless identity anchored?,” is where the artifact earns its place: it either supports an authenticated statement from the expected production boundary, or it shows exactly why another iteration is needed.

Store the promotion decision

Release systems should retain the verifier, policy version, evidence digest, decision, exception, and actor so later investigation can reconstruct why an artifact was allowed.

I would use these prompts during the working review:

  • Which policy version ran?
  • Was an exception used?
  • Can evidence be retrieved later?
  • Who approved a bypass?

If the team slips into logging only deployment succeeded, the product can still look complete while its operating rule stays ambiguous. I would make a promotion decision receipt the shared reference and keep it small enough to update as evidence changes.

The standard is auditable release decisions across policy change. That tells me whether the decision helped the product, not merely whether the document was completed.

The working sequence is small: draft a promotion decision receipt, review it against “Which policy version ran?,” implement the narrowest useful path, and then return with evidence for “Was an exception used?.” I would use “Can evidence be retrieved later?” to inspect product consequence and “Who approved a bypass?” to decide whether the result is stable enough to ship. This keeps logging only deployment succeeded visible as a known risk and makes auditable release decisions across policy change the release receipt rather than a hopeful conclusion.

Design revocation and re-evaluation

Compromised builders, signers, source repositories, and dependencies require queries that find affected artifacts and policy changes that re-evaluate retained provenance.

I would pressure-test that decision with four questions:

  • Which releases used this builder?
  • Can trust be revoked?
  • Are deployed artifacts discoverable by digest?
  • What triggers rebuild or rollback?

The failure mode here is treating verification as a one-time ceremony. In software releases, packages, containers, mobile binaries, static sites, firmware, and generated artifacts where a version label or checksum says what bytes exist but not which source, workflow, builder, parameters, and dependencies produced them, that can hide the exact boundary a reviewer or teammate needs to understand. My working artifact would be a provenance incident query pack. I want it close enough to the implementation that it can change the work, not created afterward to decorate the story.

The result I would look for is bounded response to newly discovered supply-chain risk. That is a narrower claim than saying the whole system improved, but it is also one I can verify and defend.

In practice, I would put a provenance incident query pack beside the question “Which releases used this builder?” before the first implementation review. The next pass would use “Can trust be revoked?” to test the boundary, then “Are deployed artifacts discoverable by digest?” to expose the state most likely to be missed. I would keep “What triggers rebuild or rollback?” for the release check because it asks whether the decision still holds outside the ideal path. The work is ready to move when the artifact can explain the choice and the observed result supports bounded response to newly discovered supply-chain risk.

Show provenance as engineering evidence

A credible case study shows the threat, builder boundary, attestation, verification rule, denied fixture, promotion receipt, and incident query—not only a security badge.

The practical review starts here:

  • Which attack became impossible?
  • What remains trusted?
  • Which failure was exercised?
  • How did release operations change?

Those questions keep claiming supply-chain security because an SBOM or signature exists from becoming the default. I would capture the decision in a redacted provenance verification trace, then use it while the work is still cheap to change. For releases whose origin and build path can be verified, the artifact should make ownership, constraint, and next action visible without requiring a private explanation.

Success would look like reviewable proof of a narrower and stronger release claim. If I cannot point to that evidence, I have a direction, not a finished decision.

The implementation move is to make a redacted provenance verification trace part of the working surface. I would use it to answer “Which attack became impossible?” while scope is still flexible, and “What remains trusted?” before code or content becomes expensive to unwind. During QA, “Which failure was exercised?” and “How did release operations change?” become concrete checks rather than discussion prompts. That sequence turns releases whose origin and build path can be verified into something the team can operate and gives me a specific outcome to report: reviewable proof of a narrower and stronger release claim.

What I would show in the work

The public version needs evidence from the work itself. For this topic, the first five artifacts I would reach for are:

  • a release verification policy statement
  • a subject-to-release manifest
  • an immutable source descriptor
  • a builder identity and security model
  • an external-parameter schema

I would not publish all five at equal weight. One should orient the reader, one should reveal the hardest tradeoff, and one should prove the result. The others can live in a downloadable note or appear as supporting frames. That edit matters because a signed provenance attestation bound to artifact digests and verified against an explicit build policy before promotion becomes harder to understand when every process detail is treated as equally important.

I would also show one rejected direction. The useful version is specific: which option looked attractive, which constraint made it wrong, and what evidence supported the narrower choice. That gives an engineering manager something real to question and keeps the case study from reading like the final answer was obvious from the beginning.

release-provenance-receipt.json
# subject
image@sha256:7c… / app.tar@sha256:19…
Every deployed format is named by digest; tags and filenames remain navigation aliases, not security identity.

# predicate source 31fa… / builder ci/protected-v4 Build type, external parameters, resolved dependencies, invocation, and builder trust boundary are explicit.

# decision allow / policy release-prod@12 Verifier checked signer-builder pair, protected source, expected workflow, subject match, and exception expiry at 21:12Z.

Figure 4: The promotion receipt preserves both evidence and decision.

Resource path

The practical follow-up I would build is a build-provenance release pack with subject digests, source revision, build type, external parameters, resolved dependencies, builder identity, invocation metadata, signer policy, verification command, promotion decision, retention, and incident query examples. I am treating that as a resource backlog item, not pretending the adjacent downloads below are the same artifact. The related cards cover useful pieces of the workflow today; this specific file should only be published when its examples, fields, and instructions are complete.

The first version should stay concise: context, constraint, decision, evidence, owner, and follow-up. Its value would come from helping someone repeat this exact review, not from adding another generic PDF to the site.

Review checklist

The article-specific review questions are:

  • Which artifact is being trusted?
  • Which digest algorithm is accepted?
  • Which commit was resolved?
  • What does builder ID represent?
  • Which inputs can a caller set?
  • Who observes the inputs?
  • Which identity signed?
  • Which policy version ran?
  • Which releases used this builder?
  • Which attack became impossible?

I would add two editorial checks before publishing: can a recruiter find the point in the first minute, and can an engineer trace at least one claim to an implementation or production receipt? If either answer is no, the article needs another edit.

Implementation notes

For releases whose origin and build path can be verified, I would write the implementation note before polish. It would name the changed surface, source of truth, owner, failure boundary, and verification path. Those details prevent the principle from floating above the actual code or operational workflow.

The proof signals I care about are specific to this article:

  • evidence whose authority exceeds the artifact-producing workload
  • an authenticated statement from the expected production boundary
  • auditable release decisions across policy change
  • bounded response to newly discovered supply-chain risk
  • reviewable proof of a narrower and stronger release claim

I would choose two or three of those signals for the first release rather than instrumenting everything. The strongest pair usually combines one direct behavior check with one operating check: a route and a data query, a keyboard path and a support state, a handler replay and a reconciliation result, or a migration count and a rendered screen.

The follow-up belongs in the note before shipping. It should say what remains temporary, what evidence would trigger another pass, and who owns that decision. That is how the first version stays intentionally narrow without making the boundary invisible.

Case-study packaging

I would structure the case-study version around the four visual lessons already established:

  • Provenance links reviewed intent to shipped bytes.
  • Release evidence has a lifecycle beyond build success.
  • Common release receipts prove different things.
  • The promotion receipt preserves both evidence and decision.

The opening frame explains the product pressure. The middle two show the decision moving through the system. The last frame is the receipt: what was checked, what held, and what remained unresolved. That order lets the reader move from product judgment into implementation detail without reconstructing the whole project first.

I would include one caveat tied to software releases, packages, containers, mobile binaries, static sites, firmware, and generated artifacts where a version label or checksum says what bytes exist but not which source, workflow, builder, parameters, and dependencies produced them: a data limit, rollout boundary, unsupported state, external dependency, or result that is still directional. A precise caveat makes the evidence easier to trust because it shows where the claim stops.

The final test is whether the page creates a better conversation. If the artifact helps someone ask a sharper question about product judgment, implementation detail, or release proof in a live interview, it belongs in the story.

Interview angle

In an interview, I would explain this through a signed provenance attestation bound to artifact digests and verified against an explicit build policy before promotion. The story should start with the product pressure, then move into the system constraint, the artifact, and the proof. That order keeps the answer grounded. It also gives the interviewer several places to go deeper: data, frontend architecture, design systems, support, migration, accessibility, or release process.

The strongest version of the answer includes a tradeoff. I want to be able to say what I chose, what I left alone, and how I knew the work helped. That is more credible than presenting every project as a clean win.

The hiring signal

A release-provenance model is a hiring signal because it shows I can connect supply-chain security, CI architecture, release operations, and evidence a reviewer can independently verify.

That is the level I want this site to communicate. The work should show taste, but it should also show operating judgment. It should make me look like someone who can enter a real product system, understand the messy middle, ship the useful version, and leave enough proof for the next person to trust it.

Companion artifacts

Use this after reading.

Practical downloads and templates that turn the article into something you can bring into a product review, implementation pass, or agent workflow.

TemplateJul 2026

Dependency Adoption Receipt

A reviewable receipt for package need, identity, provenance, permissions, supply-chain risk, verification, ownership, and removal.

Supply chainSecurityAI-assisted
View details
DownloadJun 2026

UI PR Risk Review Checklist

A merge-readiness checklist for product intent, states, accessibility, visual durability, and UI implementation risk.

UI reviewQAFrontend
View details
RepoJun 2026

Agent-Ready API Spec Template

An OpenAPI and Postman starter template for APIs that AI agents can discover, call, and recover from safely.

OpenAPIPostmanAI agents
View details