Macaron Utilities is a collection of companion tools and plugins for the Macaron supply chain security framework.
This repository includes:
- Maven and Gradle plugins to verify software artifacts using Verification Summary Attestations (VSAs) generated by Macaron.
- Consisting of a common library in
artifact-verifier, and the plugins inartifact-verifier-mavenandartifact-verifier-gradle.
- Consisting of a common library in
Build and install artifact-verifier first, then build and install artifact-verifier-maven and artifact-verifier-gradle afterward.
This project welcomes contributions from the community. Before submitting a pull request, please review our contribution guide
Please consult the security guide for our responsible security vulnerability disclosure process
Copyright (c) 2025, 2025 Oracle and/or its affiliates. Macaron utilities are licensed under the Universal Permissive License (UPL), Version 1.0.