Docs/NOME Build Cloud/Artifact signing, SBOM, and provenance

Artifact signing, SBOM, and provenance

How NOME signs build artifacts, attaches an SBOM, records provenance, and fails closed on unverifiable artifacts.

Signing

Build artifacts are signed before they are promotable. The signature binds the artifact to the build that produced it, so a deploy can verify it is shipping exactly what the pipeline built. Unsigned artifacts are not promotable.

SBOM

Each signed artifact ships with a software bill of materials — the components and dependencies that went into it — so you can audit what is inside an image and answer supply-chain questions without guessing.

Provenance

NOME records build provenance: what ran, on which runner, from which commit, with which inputs. Provenance plus signature plus SBOM is the evidence chain the deploy gate checks.

Fail closed on verification

At the deploy gate, an artifact that is unsigned, has a broken signature, or lacks verifiable provenance fails closed — the deploy does not proceed and the reason is reported. NOME never promotes an artifact it cannot verify.

Ready to try it?

Open NOME
BuildKit cacheCodeRabbit compatibility
Nomad Maraud Inc.DocsSupportCareersContactTermsPrivacyAccountStatus
legal@nomadmaraud.com

© 2026 Nomad Maraud Inc. NOME™ is a trademark of Nomad Maraud Inc. All rights reserved.

Futures, foreign currency, and options trading contains substantial risk and is not for every investor. An investor could potentially lose all or more than the initial investment. Risk capital is money that can be lost without jeopardizing one’s financial security or lifestyle. Only risk capital should be used for trading and only those with sufficient risk capital should consider trading. Past performance is not necessarily indicative of future results.

Hypothetical or simulated performance results have certain limitations. Unlike an actual performance record, simulated results do not represent actual trading. Also, since the trades have not been executed, the results may have under- or over-compensated for the impact, if any, of certain market factors, such as lack of liquidity. Simulated trading programs in general are also subject to the fact that they are designed with the benefit of hindsight. No representation is being made that any account will or is likely to achieve profits or losses similar to those shown.

NinjaTrader® is a registered trademark of NinjaTrader Group, LLC. No NinjaTrader company has any affiliation with the owner, developer, or provider of the products or services described herein, or any interest, ownership or otherwise, in any such product or service, or endorses, recommends or approves any such product or service.

Nomad Maraud may receive compensation when users register through partner links. This does not constitute a recommendation to trade futures or open a brokerage account.

NOME