-
witness
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
-
archivista
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
The version of Visual Studio Code published by Microsoft, for example, uses a non-open source license because their build process adds proprietary components (e.g., telemetry). (VSCodium was created to generate FOSS releases from Microsoft's core repository.)
This just got accepted as a proposal in NPM: https://github.com/npm/rfcs/pull/626
Verifying provenance across CI steps is what the in-toto project was designed to help with. We implement in-toto with our open-source projects, Witness and Archivist.