►
A
Hello
today,
I'm
going
to
demonstrate
the
new
feature
that
we
have
for
the
gitlab
runner,
where
it's
able
to
generate
artifact
metadata
following
the
salsa
format
for
any
artifacts
that
are
built
in
order
to
enable
this.
All
you
have
to
do
is
to
go
into
your
gitlab
ci.yaml
file
and
set
this
variable
runner
generate
artifacts
metadata
to
true.
This
variable
can
be
set
globally
or
it
can
be
set
on
a
per
job
basis,
and
you
see
in
this
example,
we
have
just
a
very
simple
ci
pipeline.
A
That's
just
producing
this
data.txt
file
and
echoing
this,
this
text
data
into
it.
It's
a
very
simple
file,
but
if
we
wanted
to
generate
metadata
to
describe
how
that
was
produced
and
verify
the
origin
of
it
or
the
provenance
of
it,
then
that's
what
this
variable
allows
us
to
do
so,
just
to
give
you
a
demonstration
of
how
this
works
in
practice.
A
Once
we
have
this,
when
the
pipeline
runs
again,
you'll
see
just
that
one
hello
stage
is
running
and
it's
producing
that
metadata
and
we
come
in
and
we
can
download
this
artifact
file
once
we
download
that
it
comes
as
a
zip
file
with
the
two
two
files
inside
of
it.
One
is
the
data.txt
that
was
actually
produced,
and
then
we
also
have
this
artifacts
metadata.json
file
that
sits
next
to
it,
and
I
can
go
ahead
and
open
this
up
and
you'll
see.
It
gives
me
a
whole
lot
of
metadata
about
what
was
done.
A
A
So
again
that
way,
somebody
could
come
in
later
and
take
a
look
at
this
and
get
an
idea
of
the
steps
that
were
taken
in
order
to
produce
it,
as
well
as
even
some
information
about
where
it
was
built
itself.
So
from
a
software
supply
chain
security
perspective
for
someone
who's
wanting
to
protect
their
artifacts
and
reduce
the
chance
of
tampering.