RECORD · AUR

witness

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

  • supply-chain-provenance-cli
  • TERMINAL
  • CLI
  • SECURITY
  • Launchable
  • Runs in terminal
official+codex · reviewed · Jun 5, 2026 description in en

Description

Software supply-chain provenance can be collected, normalized, and verified through a pluggable framework. Security and release teams can attach evidence to builds; signing keys, attestations, and CI metadata must be protected.

How to run

witness

Commands: witness

Permissions

Permissions not analysed for this source yet.