witness

Automates, normalizes, and verifies software artifact provenance

brewmacoslinux

Try with needOr install directly

About

Automates, normalizes, and verifies software artifact provenance

witness

Run a command and record its provenance$ witness run -o artifact.json -- make build

Verify artifact provenance against a policy$ witness verify -artifactFile artifact.json -policyFile policy.json

Sign artifacts with cryptographic key$ witness sign -artifactFile artifact.json -keyPath private.key