II.
Workflow JSON
Structured · live · workflow:artifact-signing-and-provenance
Artifact Signing and Provenance json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:artifact-signing-and-provenance",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-release-eng.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "Artifact Signing and Provenance",
"workflowKind": "security",
"triggerType": "event-driven",
"typicalCadence": "per-release",
"complexity": "single-team",
"description": "Ensures every release artifact (container image, binary, SBOM) is\ncryptographically signed and accompanied by verifiable provenance\nmetadata — configuring Sigstore/cosign or GPG signing in CI, generating\nSLSA provenance attestations, verifying signatures in deployment admission\ncontrollers, auditing key-rotation schedules, and validating that\ndownstream consumers can verify provenance end-to-end. Produces a\nsigning-compliance report. Excludes key-ceremony procedures.\n"
},
"outgoingEdges": [
{
"from": "workflow:artifact-signing-and-provenance",
"to": "role:security-engineer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "role:devops-engineer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "role:release-manager-bot",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "skill-area:gitops",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "skill-area:signature-schemes",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "domain:devops",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "domain:security",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "responsibility:release-coordination",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "responsibility:security-review",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "org-unit:release-engineering",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:artifact-signing-and-provenance",
"to": "org-unit:application-security-team",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": []
}