Skip to content
/ spector Public

Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks

License

Apache-2.0 license
30 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kusaridev/spector

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Spector

Spector is both tooling and a library for the generation, validation and verification of supply chain metadata documents and frameworks. Many tools generate non-compliant SBOMs or attestations. It currently supports

Library

You can include spector as a library when writing generators for SLSA or other supported document types. It can provide the serialization & deserialization for SLSA attestations, assuring that they are properly to spec before you go further in the process.

Tooling

Spector is still early on and doesn't have an official release yet.

You can run:

cargo run validate in-toto-v1 --predicate slsa-provenance-v1 --file tests/fixtures/slsa_provenance_v1.json

You can replace the slsa_provenance_v1.json with another in-toto statement and even an invalid one to verify the correctness of the document.

Developing and Building

Spector is written in Rust, and built with cargo Check out the code and run cargo build or cargo test.

About

Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

30 stars

Watchers

6 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages