attestation
There are 147 repositories under attestation topic.
GrapheneOS/Auditor
Hardware-based attestation / intrusion detection app for Android devices. It provides both local verification with another Android device via QR codes and optional scheduled server-based verification with support for alert emails. It uses hardware-backed keys and attestation support as the foundation and chains trust to the app for software checks.
in-toto/witness
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
chainloop-dev/chainloop
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
keylime/keylime
A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT
intel/confidential-computing-zoo
Confidential Computing Zoo provides confidential computing solutions based on Intel SGX, TDX, HEXL, etc. technologies.
bureado/awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source
in-toto/attestation
in-toto Attestation Framework
ShaneK2/inVtero.net
inVtero.net: A high speed (Gbps) Forensics, Memory integrity & assurance. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machiene Introspection techniques
Consensys/linea-attestation-registry
Verax is a shared registry for storing attestations of public interest on EVM chains, designed to enhance data discoverability and consumption for dApps across the network.
a-sit-plus/signum
Kotlin Multiplatform Crypto/PKI/ASN.1 Library with Attestation and Hardware-Backed Crypto Support on Mobile
GrapheneOS/AttestationServer
attestation.app remote attestation server. Server code for use with the Auditor app: https://github.com/GrapheneOS/Auditor. It provides two services: submission of attestation data samples and a remote attestation implementation with email alerts to go along with the local implementation based on QR code scanning in the app.
coinbase/verifications
📜 "Coinbase Verifications" is a set of Coinbase-verified onchain attestations that enable access to apps and other onchain benefits.
confidential-containers/trustee
Attestation and Secret Delivery Components
mchmarny/s3cme
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
CycloneDX/cyclonedx-python-lib
Python implementation of OWASP CycloneDX
hex-five/multizone-sdk
MultiZone® Security TEE is the quick and safe way to add security and separation to any RISC-V processors. The RISC-V standard ISA doesn't define TrustZone-like primitives to provide hardware separation. To shield critical functionality from untrusted third-party components, MultiZone provides hardware-enforced, software-defined separation of multi
veehaitch/devicecheck-appattest
Server-side library to validate the authenticity of Apple App Attest artifacts, written in Kotlin.
ARM-software/psa-api
Documentation source and development of the PSA Certified API
virtee/sev-snp-measure
Calculate AMD SEV/SEV-ES/SEV-SNP measurement for confidential computing
kubernetes-sigs/tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Foxboron/ssh-tpm-ca-authority
SSH Certificate Authority with device attestation
Catherine22/SecuritySample
(Android) Hide encrypted secret API keys in C/C++ code, retrieve and decrypt them via JNI. Google SafetyNet APIs example.
Azure/blockchain-supply-chain-solution
Umbrella repository for blockchain based supply-chain services and clients
chainguard-dev/vex
vexctl is a tool to attest VEX impact statements
pkic/remote-key-attestation
Remote Key Attestation
GrapheneOS-Archive/AttestationSamples
A small subset of the submitted sample data from https://github.com/GrapheneOS/Auditor. It has a sample attestation certificate chain per device model (ro.product.model) along with a subset of the system properties from the sample as supplementary information.
nokia/AttestationEngine
An experimental (but fully functional) Remote Attestation Engine and Applications for TPM2.0 based systems (cloud, edge, IoT etc)
zntrio/solid
An OIDC authorization server building blocks with security and privacy by design philosophy.
adrianlshaw/LightVerifier
Simple and scalable Linux tools for verifying TPM-based remote attestations 🔬⚖️🔐⛓📏📜
hex-five/multizone-iot-sdk
MultiZone® Trusted Firmware is the quick and safe way to build secure IoT applications with any RISC-V processor. It provides secure access to commercial and private IoT clouds, real-time monitoring, secure boot, and remote firmware updates. The built-in Trusted Execution Environment provides hardware-enforced separation ...
joemiller/yk-attest-verify
Verify and assert policy on YubiKey attestation certificates
zero-savvy/zk-remote-attestation
Implementation of zRA protocol, a non-interactive method for constructing a transparent remote attestation (RA) protocol based on zkSNARKs.
hex-five/multizone-linux
MultiZone® Security Enclave for Linux
kinvolk/azure-cvm-tooling
Libraries and tools for Confidential Computing on Azure
jedda/step-posture-connector
A middleware tool to assist step-ca with posture info during an ACME device-attest-01 challenge.
jeremyhahn/go-trusted-platform
Platform software for Trusted Computing - TPM 2.0, Certificate Authority, and Web Services required to perform Local and Remote Attestation, provision, deploy, manage, and secure connected devices and networks at scale.