Provenance is a term that's basically synonymous for the origins of a thing. In software, provenance usually refers to the build process that created an artifact (a program, a file, a smartphone app, and so on).
Without establishing the provenance of a piece of software—like the code it was built from or the server it was downloaded from—it's hard to know how much you should trust that piece of software. Is it a useful piece of software created by people you trust? Or does it masquerade as a useful piece of software while doing something you don't want, like mining secrets from your filesystem or mining Bitcoin? Establishing the provenance of that software usually helps to answer that question.