Package: wnpp
Severity: wishlist
Owner: Simon Josefsson <simon@josefsson.org>
* Package name : golang-github-in-toto-archivista
Version : 0.8.0-1
Upstream Author : in-toto
* URL : https://github.com/in-toto/archivista
* License : Apache-2.0
Programming Lang: Go
Description : graph and storage service for in-toto attestations
Archivista is a graph and storage service for in-toto (https://in-toto.io)
attestations. Archivista enables the discovery and retrieval of
attestations for software artifacts.
.
Archivista enables you to
.
* Store and retrieve in-toto attestations
* Query for relationships between attestations via a GraphQL API
* Validate Witness policy without the need to manually list expected
attestations
.
Archivista is a trusted store for supply chain metadata
.
* It creates a graph of supply chain metadata while storing
attestations that
can be later used for policy validation and flexible querying.
* It is designed to be horizontally scaleable, supporting storing a
large number
of attestations.
* It supports deployment on major cloud service and infrastructure
providers,
making it a versatile and flexible solution for securing software
supply
chains.
* It only stores signed attestations to further enhance security and
and
increase trust.
Needed by golang-github-in-toto-go-witness #1089740
https://salsa.debian.org/go-team/packages/golang-github-in-toto-archivista
/Simon
Attachment:
signature.asc
Description: PGP signature