Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

github.com/google/trillian-examples

Package Overview
Dependencies
Alerts
File Explorer
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

github.com/google/trillian-examples

  • v0.0.0-20241029120015-70498de8376f
  • Source
  • Go
  • Socket score

Version published
Created
Source

Trillian examples

OpenSSF Scorecard GoDoc Slack Status

This repository contains example applications built on top of Trillian, showing that it's possible to apply transparency concepts to problems other than certificates. It also contains general-purpose components that can be used to strengthen the guarantees of a transparent ecosystem that already contains verifiable logs.

Currently the examples here are:

  • binary_transparency/firmware: A demo showing how to apply transparency bring discoverability to device firmware updates, but the principles are also more generally applicable to all kinds of binaries/updates.
  • helloworld: A simple example demonstrating the correct configuration of a Trillian log, personality, and client.
  • sumdbverify: Demonstration of an auditor for the Go SumDB module proxy, which clones a log and verifies the data in it.

The general-purpose components are:

  • serverless: A suite of command-line tools for managing transparency logs whose state is entirely composed of on-disk files, along with examples of how to use GitHub/GitHub Actions to host & publicly serve the log.

Notable projects that have graduated from this repository to their own top-level repositories:

There are two experimental deployments of the witness that have been deleted but are signposted here for archival reasons. Both of these tools can be retrieved by cloning this repository at git commit 793dcf1:

These examples and components are not supported per-se, but the Trillian team will likely try to help where possible. You can contact them via the channels listed under Support on the Trillian repo.

FAQs

Package last updated on 29 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc