CI artifacts
The CI artifact package represents build security checks, readiness gates, SBOM generation, and provenance evidence. These artifacts show what checks are configured and what local readiness outputs returned.
Checks represented
The authoritative CI definition remains .gitlab-ci.yml. This page points to the public mirror of the enterprise-readiness package artifacts.
Readiness checks
- public/enterprise-readiness/ci-artifacts/final-readiness-check.txt: Final readiness gate output.
- public/enterprise-readiness/ci-artifacts/security-review-check.txt: Security review gate output.
- public/enterprise-readiness/ci-artifacts/enterprise-readiness-check.txt: Enterprise readiness check output.
Supply-chain evidence
- public/enterprise-readiness/ci-artifacts/sbom.spdx.json: SPDX dependency inventory.
- public/enterprise-readiness/ci-artifacts/provenance-evidence.json: Commit, ref, builder, timestamp, and lockfile hash metadata.
- public/enterprise-readiness/ci-artifacts/scan-summary.json: Sanitized summary of CI security and release-gate checks.
Build-failing conditions
- secret scanning exits non-zero on detected secrets
- SAST runs with error-on-finding behavior
- filesystem and image scans fail on HIGH or CRITICAL findings
- release gates require readiness, tests, SBOM, dependency audit, scans, restore validation, and provenance jobs
Scope boundary
These files do not replace GitLab job artifacts from a specific merge pipeline. They provide the public review package: configured checks, local readiness outputs, dependency inventory, and provenance metadata.