
NIST SSDF: PS — Release Integrity Protected

error

ssdf_ps_release_signed

secure-development security pure_temporal secure-development nist ssdf supply-chain ps rag-red

Each software release is integrity-protected (e.g. cryptographically signed) against tampering (PS.2).

Formula

G(Release → P(artifact_signed))

Why it matters

SSDF PS.2: provide a mechanism for verifying software release integrity — e.g. signing — so consumers can detect tampering.

Examples

passes: the practice's evidence is present

fails: the required secure-development step is absent
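
The formula above, evaluated over a finite trace. This is an added example, not ponens code or its trace format. It assumes a trace is a list of steps, each a set of proposition names, and that P is the past-time "once" operator (true if its operand holds at the current step or any earlier one).

```python
# Added example: a monitor for G(Release -> P(artifact_signed)).
# Assumptions (not taken from ponens): a trace is a list of steps, each step a
# set of proposition names; P is past-time "once", i.e. true at step i when
# its operand holds at some step j <= i.

def violations(trace):
    """Return indices of steps where Release holds but P(artifact_signed) does not."""
    seen_signed = False  # running value of P(artifact_signed)
    bad = []
    for i, step in enumerate(trace):
        seen_signed = seen_signed or "artifact_signed" in step
        if "Release" in step and not seen_signed:
            bad.append(i)
    return bad

def holds(trace):
    """G(...): the implication must hold at every step of the trace."""
    return not violations(trace)

# Constructed traces (illustrative, not real pipeline output).
TRACES = {
    # Signing evidence precedes the release: passes.
    "signed_then_released": [{"build"}, {"artifact_signed"}, {"Release"}],
    # No signing evidence at all: fails at step 1.
    "released_unsigned": [{"build"}, {"Release"}],
    # Signing recorded only after the release: still fails at step 1,
    # because P looks backwards from the Release step.
    "signed_too_late": [{"build"}, {"Release"}, {"artifact_signed"}],
    # Signing and release recorded in the same step: passes under "once".
    "same_step": [{"Release", "artifact_signed"}],
    # The second release is never signed, yet the formula holds: the earlier
    # artifact_signed event satisfies P for every later step.
    "second_release_unsigned": [
        {"artifact_signed"}, {"Release"}, {"build"}, {"Release"},
    ],
}

if __name__ == "__main__":
    for name, trace in TRACES.items():
        verdict = "passes" if holds(trace) else "fails"
        print(f"{name}: {verdict} (violating steps: {violations(trace)})")
```

Under this reading a single signing event covers every later release in the same trace, so per-release evidence requires one trace per release or a proposition scoped to the artifact.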

Use it

ponens policies add ssdf_ps_release_signed --into ./trace.json
ponens trace check ./trace.json