Description
Software supply-chain provenance can be collected, normalized, and verified through a pluggable framework. Security and release teams can attach evidence to builds; signing keys, attestations, and CI metadata must be protected.
FICHA · AUR
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
en Software supply-chain provenance can be collected, normalized, and verified through a pluggable framework. Security and release teams can attach evidence to builds; signing keys, attestations, and CI metadata must be protected.
witness
Commands: witness
Permissions not analysed for this source yet.