Knowledge Base
Provenance
Build attestations, SBOMs, and verifiable lineage for every artifact you ship.
1
State of AI Agent Code in Production
How autonomous coding agents are reshaping security, compliance, and incident response — and why regulatory frameworks haven't caught up.
Intermediate 18 min read
2
SLSA Source Track: Proving Who Authored Every Line of Code
Using SLSA supply chain levels to cryptographically verify human vs. autonomous agent authorship of each commit in production.
Advanced 8 min read
3
Cryptographic Provenance for Coding-Agent Output
Use Sigstore keyless signing to bind agent identity, model version, and policy context into the OIDC token of every commit and artifact an autonomous coding agent produces.
Advanced 11 min read
4
SLSA Build Track Level 3 for Agent-Generated Artifacts
What SLSA Build Track Level 3 actually requires when the source-track author is an autonomous coding agent — hermetic builds, isolated builders, and signed provenance you can verify with slsa-verifier.
Advanced 12 min read