Security●●Solid
I built a Cargo supply chain auditor using Claude and GitHub Actions
Tarball diffing plus Claude analysis catches build.rs backdoors cargo-audit misses.
Big BrainSolve My Problem
T-RN-R
302mo ago
Back to browse
CI/lock – supply-chain attestation CLI, from the Witness creators
by colek42·Jun 9, 2026·1 point·0 comments
AI Analysis
●●●BangerBig BrainZero to One
From Witness/in-toto creators, keyless attestation blocks poisoned CI runs.
Strengths
- •Keyless signing eliminates long-lived keys that attackers can steal.
- •Policy gating requires human approval before release.
- •Records complete build provenance including commands, inputs, and artifacts.
Weaknesses
- •New tool needs adoption across CI pipelines.
- •Policy authoring requires security expertise teams may lack.
Category
Target Audience
DevOps engineers, security teams, AI agent pipeline operators
Similar To
Sigstore · in-toto · SLSA
Similar Projects
Infrastructure●●●Banger
SEL Deploy – Tamper-evident deployment timeline (Ed25519, hash-chained)
Ed25519-chained immutable deployment log—instant detection of tampering or reordering.
WizardrySolve My ProblemBig Brain
chokriabouzid
103mo ago
Security●●●●Gem
Vett – Scan, sign, and verify AI agent skills before installing
First real supply-chain defense for AI agent ecosystems; catches nation-state-grade payloads.
Zero to OneBig BrainWizardry
nikon
303mo ago
Security●Mid
Pqurp – Quarantine Window for Packages to Prevent Supply Chain Attacks
Speculative protocol for package quarantine without a reference implementation or registry buy-in.
Bold Bet
exec7
5027d ago
Security●Mid
Lateos/NPM-scan – open-source NPM supply chain scanner, v0.18.3
NPM supply chain scanner competing against Socket, Snyk, and npm audit.
Ship It
lateos-ai
107d ago
Data●●Solid
Map of 90 companies in the co-packaged optics supply chain
Maps hidden monopolies like Soitec wafers and Ajinomoto dielectric films.
Niche GemRabbit Hole
lboquillon
1022d ago