Show HN: CI/Lock – signed evidence of what your CI ran
By colek42 · 2026-06-30 · 1 points · 0 comments
https://cilock.dev/
I helped create Witness, donated it to the CNCF/in-toto ecosystem, and worked on the NIST 800-204D "pipeline observer" guidance. CI/Lock is the next version of that work, and it's under the Apache 2.0 license. Here's the gap it closes. In March, two supply-chain attack…
Open the full discussion on BetterNews