Safeguard
Tag

provenance

Safeguard articles tagged "provenance" — guides, analysis, and best practices for software supply chain and application security.

60 articles

Software Supply Chain Security

How to implement software supply chain security with SLSA

A step-by-step guide to implement SLSA supply chain security: map risk, generate signed provenance, and enforce verification before deploy.

Feb 17, 20268 min read
Software Supply Chain Security

SLSA Level 3 Implementation Blueprint 2026

A practical blueprint for reaching SLSA Level 3 in 2026: hosted builders, provenance generation, verification gates, and the operational habits that hold the line.

Feb 15, 20266 min read
AI Security

AI Model Weights: Signing, Attestation, Provenance

Model weights are binaries with the privilege of code and the review of documents. Here is what signing, attestation, and provenance should actually look like.

Feb 8, 20267 min read
AI Security

AI Model Weight Tampering Detection Techniques

Weight-level tampering leaves cryptographic and statistical fingerprints. Here is what current research says about detecting a modified checkpoint before it reaches inference.

Jan 29, 20268 min read
Open Source Security

npm Provenance Statements in Practice (2026)

A practical look at npm provenance in 2026: what statements prove, how to publish them from CI, and where they quietly fail when teams treat them as magic.

Jan 22, 20266 min read
AI Security

AI Code-Generation Audit Trail Patterns

When AI writes code that ships to production, the audit trail is a compliance requirement, not a nice-to-have. Patterns for capturing it without killing velocity.

Jan 5, 20268 min read
Concepts

What Is a Build Artifact?

A build artifact is the packaged output your build process produces from source code. Here is why artifacts are a critical supply chain checkpoint and how to verify their provenance.

Dec 2, 20256 min read
AI Security

AI Model Watermarking and Provenance

Watermarking and provenance are the two most confused terms in AI security. A practical breakdown of what each actually does, where the 2025 techniques break, and what to ship in the meantime.

Nov 25, 20257 min read
Frameworks

SLSA v1.2 Source Track: What Changed in November 2025

SLSA v1.2 was approved in November 2025 and finally completes the Source Track that v0.1 only sketched. We break down the new source levels and what producers must change.

Nov 20, 20256 min read
Open Source Security

npm Provenance: Adoption Tracking in Late 2025

Two and a half years after npm provenance launched, adoption is climbing but uneven. Here is the late-2025 picture across the top packages and frameworks.

Nov 12, 20254 min read
Build Security

Software Provenance: An End-to-End Guide

Provenance answers where software came from and how it was built. Here is how to implement end-to-end provenance tracking from source to deployment.

Nov 5, 20256 min read
Guides

How to Verify an npm Package Before Installing It

Five checks that take about four minutes — tarball inspection, install-script review, provenance verification, maintainer signals — before you let a new npm package run code on your machine.

Jul 9, 20256 min read
provenance (Page 4) — Safeguard Blog