
Provenance
Image provenance tracking
Provenance provides cryptographically verifiable tracking of each image's origin from source code, through the build environment, to publication in the registry. The system generates attestations compliant with SLSA Level 3, documenting builder identity, source repository, commit hash, and build parameters. Attestations are signed with Sigstore and stored as OCI artifacts alongside the image.
Enterprise-grade protection compliant with regulatory requirements and security standards
Fast deployment with minimal resource overhead
Dedicated support from a certified partner
Easy integration with your existing infrastructure
Key features
- SLSA Level 3 provenance attestations with full build metadata
- Recording of the source repository, commit SHA, and branch for every build
- Build environment documentation: builder version, operating system, parameters
- in-toto attestation format for interoperability with other tools
- Provenance verification via cosign and policy engines before deployment
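The policy step that follows signature verification, as an added example that is not part of the original page or of Chainguard's tooling: it decodes the in-toto statement from a DSSE envelope and checks the image digest, builder identity, source repository and commit. It assumes the SLSA v1.0 provenance predicate layout; the builder ID, repository URI, digest and the `make_envelope` helper are constructed for illustration.

```python
import base64
import json

SLSA_V1 = "https://slsa.dev/provenance/v1"
# Constructed policy values (assumptions, not taken from the page)
POLICY = {"builders": {"https://builder.example/trusted@v1"},
          "repo_uri": "git+https://git.example/org/app"}

def check_provenance(envelope_json, image_digest, policy=POLICY):
    """Return policy violations for an already signature-verified attestation."""
    envelope = json.loads(envelope_json)
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        return ["unexpected DSSE payloadType"]
    stmt = json.loads(base64.b64decode(envelope["payload"]))
    errors = []
    if stmt.get("predicateType") != SLSA_V1:
        errors.append("predicateType is not SLSA v1 provenance")
    # The attestation must describe the exact image about to be deployed.
    digests = {s.get("digest", {}).get("sha256") for s in stmt.get("subject", [])}
    if image_digest not in digests:
        errors.append("attestation subject does not match image digest")
    pred = stmt.get("predicate", {})
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder not in policy["builders"]:
        errors.append(f"untrusted builder: {builder}")
    # Exact match on the URI before "@ref", so a look-alike repo name fails.
    deps = pred.get("buildDefinition", {}).get("resolvedDependencies", [])
    sources = [d for d in deps if d.get("uri", "").split("@", 1)[0] == policy["repo_uri"]]
    if not sources:
        errors.append("source repository not in resolvedDependencies")
    elif not all(len(d.get("digest", {}).get("gitCommit", "")) == 40 for d in sources):
        errors.append("source is not pinned to a full commit SHA")
    return errors

def make_envelope(builder_id, repo_uri, commit, digest):
    """Build a constructed, unsigned sample envelope for the checks above."""
    stmt = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "registry.example/app", "digest": {"sha256": digest}}],
        "predicateType": SLSA_V1,
        "predicate": {
            "buildDefinition": {"resolvedDependencies": [
                {"uri": repo_uri + "@refs/heads/main", "digest": {"gitCommit": commit}}]},
            "runDetails": {"builder": {"id": builder_id}},
        },
    }
    payload = base64.b64encode(json.dumps(stmt).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload, "signatures": []})
```

This check is only meaningful after the envelope's signature and signer identity have been verified, for example with cosign; on its own it validates content, not authenticity.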
Business benefits
- Full auditability of the build process from source to production
- Detection of tampering and unauthorized image modifications
- Compliance with SLSA, SSDF, and Executive Order 14028 requirements
- Ability to reproduce the exact build conditions
- Automation of supply chain verification in the CI/CD pipeline

Why Chainguard?
A leader in software supply chain security offering hardened container images with a minimal attack surface. Chainguard images are built from the ground up with a strong focus on security, regularly updated, and free from known CVEs.
Need Provenance in your organization?
As a certified Chainguard partner, we'll help you deploy and configure the solution.