Using blockchain to establish software provenance, thereby securing the open source software supply chain
Establishing provenance in open source software has always been a challenge because contributions are, by their nature, distributed. By leveraging two attributes of a blockchain or distributed ledger, transparency and provenance, it is now possible to establish the provenance of open source software and thereby secure the open source software supply chain. For example, CI/CD workflows can be deployed as smart contracts on a blockchain, and signing and verifying software artifacts can likewise be performed through smart contracts on the blockchain. This is a work in progress.
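The paragraph above describes artifact signing and verification recorded on an append-only ledger. The following is an added illustration written for this page, not code from the project it describes: a stdlib-only Python simulation of that ledger. Each provenance record commits to the SHA-256 digest of an artifact, the CI builder that produced it, the source revision, and the hash of the preceding record, and carries the builder's signature over those fields. Assumptions: HMAC-SHA256 stands in for the builder's digital signature (the standard library has no Ed25519), the builder id `builder-ci-01`, its key, the artifact names and the commit ids are constructed sample values, and the ledger lives in process memory rather than on-chain.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

GENESIS_HASH = "0" * 64  # prev_hash of the first record


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ProvenanceRecord:
    artifact: str        # artifact file name
    digest: str          # SHA-256 of the artifact bytes
    builder: str         # identity of the CI builder that produced it
    source_commit: str   # source revision the artifact was built from
    prev_hash: str       # hash of the previous record (the chain link)
    signature: str       # builder's signature over the fields above

    def payload(self) -> bytes:
        # Canonical JSON of every field except the signature, so signer and
        # verifier hash exactly the same bytes.
        fields = asdict(self)
        fields.pop("signature")
        return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()

    def record_hash(self) -> str:
        # The hash that the next record will commit to; covers the signature too.
        return sha256_hex(self.payload() + self.signature.encode())


def sign(key: bytes, payload: bytes) -> str:
    # Assumption: HMAC-SHA256 stands in for an asymmetric builder signature.
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


class ProvenanceLedger:
    """Append-only ledger: each record commits to its predecessor, so any
    rewrite of history changes a hash and breaks the chain."""

    def __init__(self) -> None:
        self.records: list[ProvenanceRecord] = []

    def tip_hash(self) -> str:
        return self.records[-1].record_hash() if self.records else GENESIS_HASH

    def attest(self, artifact_name: str, artifact_bytes: bytes, builder: str,
               builder_key: bytes, source_commit: str) -> ProvenanceRecord:
        # What a CI workflow would do at the end of a build: hash, link, sign, append.
        unsigned = ProvenanceRecord(artifact_name, sha256_hex(artifact_bytes),
                                    builder, source_commit, self.tip_hash(), "")
        signed = ProvenanceRecord(**{**asdict(unsigned),
                                     "signature": sign(builder_key, unsigned.payload())})
        self.records.append(signed)
        return signed

    def verify_chain(self, builder_keys: dict[str, bytes]) -> bool:
        # Walk the chain from genesis: every link and every signature must check out.
        prev = GENESIS_HASH
        for rec in self.records:
            if rec.prev_hash != prev:
                return False
            key = builder_keys.get(rec.builder)
            if key is None or not hmac.compare_digest(sign(key, rec.payload()), rec.signature):
                return False
            prev = rec.record_hash()
        return True

    def verify_artifact(self, artifact_name: str, artifact_bytes: bytes,
                        builder_keys: dict[str, bytes]) -> bool:
        # What a consumer does before installing: is this exact artifact attested
        # by a trusted builder on an intact chain?
        if not self.verify_chain(builder_keys):
            return False
        digest = sha256_hex(artifact_bytes)
        return any(r.artifact == artifact_name and r.digest == digest for r in self.records)


def demo() -> dict[str, bool]:
    # Constructed sample data: one builder, two releases, one tampered download.
    keys = {"builder-ci-01": b"constructed-builder-key"}
    ledger = ProvenanceLedger()
    ledger.attest("app-1.0.tar.gz", b"constructed artifact bytes 1.0", "builder-ci-01", keys["builder-ci-01"], "abc123")
    ledger.attest("app-1.1.tar.gz", b"constructed artifact bytes 1.1", "builder-ci-01", keys["builder-ci-01"], "def456")
    results = {
        "chain_ok": ledger.verify_chain(keys),
        "genuine_artifact": ledger.verify_artifact("app-1.1.tar.gz", b"constructed artifact bytes 1.1", keys),
        "tampered_download": ledger.verify_artifact("app-1.1.tar.gz", b"tampered bytes", keys),
        "unknown_builder_key": ledger.verify_chain({"builder-ci-01": b"wrong-key"}),
    }
    # Rewrite the first record's source commit in place: its signature no longer matches.
    r = ledger.records[0]
    ledger.records[0] = ProvenanceRecord(r.artifact, r.digest, r.builder, "rewritten", r.prev_hash, r.signature)
    results["history_rewritten"] = ledger.verify_chain(keys)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The design point this makes concrete is that the ledger gives a consumer two independent checks: the chain of record hashes shows that no attestation was inserted, removed or altered after the fact, and the per-record signature ties each attestation to a specific builder key. A smart contract deployed for the same purpose would enforce the same two invariants on every appended record, with the chain's consensus replacing the in-memory list.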