Cryptographic Signing

COSE and JWS signatures are supported for secure authentication, enabling versatile signing and verification of software artifacts. The system is built on standard PKI, ensuring reliable and compatible cryptographic operations. It accommodates online and air-gapped signing scenarios to meet diverse requirements.

Secure authentication

Flexible signing scenarios

Compatibility and reliability

Security Policy

The ability to customize trust policies is provided, allowing users to determine the authenticity of signed artifacts. It is ensured that all artifacts are signed with trusted identities and originate from trusted registries, thus enhancing system integrity and authenticity.

Customizable trust policies

Trusted registry validation

Trusted identity verification

Extensibility

The system provides extensibility options that allow users to customize and adapt the platform according to their specific needs. With a flexible architecture and robust APIs, integration and extension of functionalities can be achieved to meet their requirements effectively.

Automated signing

SDK for development

Pluggable design & ecosystem integration

Multi-registry

Multiple registries are supported, facilitating the management and organization of artifacts across different repositories. The platform offers seamless integration and synchronization capabilities, enabling efficient collaboration with artifacts from various sources.

Push & store signatures

Consistent integrity

Portable & immutable signatures

Community-driven

The platform is community-driven, with active participation and collaboration from developers worldwide. They can join the vibrant community to share knowledge, contribute to the ecosystem, and benefit from collective expertise to drive innovation and growth.

Fast iteration

Diverse expertise

Open-source & community-driven