Our Commitment to Open Source

TestifySec is committed to advancing open source security through our contributions to key projects in the software supply chain ecosystem. We believe secure software should be accessible to all.

"You Push Code. We Prove Compliance."

This core mission drives our commitment to developing and maintaining open source tools that democratize supply chain security. We actively contribute to the ecosystem through code, specifications, and community leadership.

Our Core Open Source Projects

We maintain and contribute to essential projects that form the backbone of modern supply chain security.

Witness

End-to-End Metadata Capture

Primary open-source tool for end-to-end metadata capture and verification. Implements the in-toto specification to facilitate attestation generation and policy enforcement throughout your CI/CD pipeline.

in-toto, SLSA, Attestations

Archivista

Graph Database for Attestations

Graph database and data store for in-toto attestations. Enables discovery and querying of supply chain attestations with a powerful GraphQL API for complex attestation queries and management.

GraphQL, Database, Metadata

Major Open Source Contribution

In January 2024, TestifySec officially donated Witness and Archivista as subprojects under in-toto, ratified by the in-toto steering committee and integrated into the CNCF ecosystem.

This positions go-witness as the primary library for generating in-toto attestations, ensuring robust governance and long-term sustainability for the community.

Community Leadership

Our team includes maintainers and steering committee members of key open source projects.

Project Maintainers

Our team maintains critical projects including in-toto, TUF, Witness, Archivista, and Repository Service for TUF.

OpenSSF Participation

Active leadership in OpenSSF Security Toolbelt and participation in working groups for Securing Software Repositories.

Standards Development

Contributing to specifications and standards including SLSA, in-toto, and supply chain security frameworks.

Government Partnership

Selected by DHS and CISA as one of 7 startups to develop next-generation security tools.

Protobom Initiative

Collaboration with OpenSSF and Silicon Valley Innovation Program (SVIP) to develop Protobom, a next-generation SBOM format and tooling ecosystem.

Working alongside Lockheed Martin and NYU to create the Protobomit tool for enhanced software bill of materials management.

Impact & Recognition

  • Selected from thousands of applicants nationwide
  • Advancing critical infrastructure security
  • Contributing to national cybersecurity initiatives

Get Involved

Join our community and contribute to the future of supply chain security.

Contribute Code

Help improve Witness, Archivista, and other projects. Check out our repositories and contribution guidelines.

View Repositories

Documentation

Learn how to use our tools and contribute to the documentation to help others get started.

Read the Docs

Join the Community

Connect with other developers, security engineers, and contributors in our community spaces.

Get in Touch

Ready to Secure Your Supply Chain?

Join the TestifySec community and start automating compliance evidence collection today.
