ActiveState's 2023 Software Supply Chain Security Survey

Part 1 / 4: Source Code Integrity

1. How do you ensure the integrity of proprietary and third-party (e.g., open source) code? Check all that apply.

- We ensure all code is tracked in a version control system
- We verify the revision history (i.e., verify timestamp and the author/uploader)
- We indefinitely keep a complete history of all revisions
- We implicitly trust the repository
- Not sure
- Other (please specify)

2. On import, do you verify the Provenance Attestation of source code? (i.e., metadata that attests to the integrity of the source)

- Yes, verifying Provenance Attestations is part of our automated import pipeline
- Sometimes we verify Provenance Attestations when required by security or for suspicious packages
- No, we don't verify Provenance Attestations yet, but we are planning to
- No, we don't verify Provenance Attestations and have no plans to
- Don't know / never heard of it