Skip to content

#supply-chain

3 approved public terms with this tag.

SBOM Gate is a GitOps term for a release check that requires software bill of materials evidence before promotion. It helps teams, humans, and agents compare declared source state with running systems, then act without pretending a deployment did more than the evidence shows. Source context: OpenGitOps principles.

The team used SBOM Gate before lunch, so the release did not sprint into production wearing untied shoes.

Signed Image is a GitOps term for a container image with cryptographic proof attached to the artifact. It helps teams, humans, and agents compare declared source state with running systems, then act without pretending a deployment did more than the evidence shows. Source context: OpenGitOps principles.

The team used Signed Image before lunch, so the release did not sprint into production wearing untied shoes.

Supply Chain Policy is a GitOps term for rules that decide which code, images, dependencies, and sources can be released. It helps teams, humans, and agents compare declared source state with running systems, then act without pretending a deployment did more than the evidence shows. Source context: OpenGitOps principles.

The team used Supply Chain Policy before lunch, so the release did not sprint into production wearing untied shoes.