Description
A software supply-chain security framework that records and verifies the steps in a build or release process. Teams use it to prove that the expected people, tools and commands handled each stage before an artifact is trusted.
Use it when a project needs stronger release integrity or compliance evidence. It is a developer and security tool, so setup requires planning the keys, layout rules and verification steps.