SYSTEMS AND METHODS FOR VERIFYING A SOFTWARE PRODUCT USING A SOFTWARE-SUPPLY-CHAIN-PROVENANCE VERIFICATION SERVICE

    Publication number: US20240202307A1

    Publication date: 2024-06-20

    Application number: US18523291

    Application date: 2023-11-29

    CPC classification number: G06F21/44 G06F21/572 G06F2221/033

    Abstract: In some examples, systems and methods for verifying a software product using a software-supply-chain-provenance verification service are provided. For example, a method includes: receiving, at the software-supply-chain-provenance verification service from a deployment management system, an indication of a first software product for verification, retrieving one or more artifacts associated with the first software product for verification, performing provenance verification on the one or more artifacts to generate one or more results, and sending the one or more results of the provenance verification and the indication of the first software product to the deployment management system. The deployment management system is configured to: determine whether the first software product satisfies a security policy of a release channel based at least in part on the one or more results of the provenance verification, and allow the first software product to be installed through the release channel.
