Open Source Projects

We believe in building in the open and contributing to the broader community. Here are some of the projects we've built or are actively working on.

Sigstore

Production

Sigstore is an open-source software supply chain security project that provides cryptographic signing and verification for software artifacts. It eliminates long-lived signing keys by using short-lived certificates tied to OpenID Connect identities. The system includes Cosign, Rekor, and Fulcio, creating a comprehensive solution for establishing provenance and integrity in software distribution.

Technology Stack

Go, Cryptography, Transparency Logs, X509 Certificate Signing

AgentUp

In Development

The Operating System for AI Agents. Built on operating system principles, AgentUp provides a robust foundation for creating AI agents through its highly extensible architecture. Its pluggable design lets you customize and add functionality without touching core code - giving you the flexibility to build exactly what you need while maintaining system stability, and ensuring your agents are portable and maintainable.

Technology Stack

AI/ML, FastAPI, Pydantic

Akta

Research Phase

Akta is a prototype project designed to enable secure and verifiable interactions between AI agents. It establishes a framework for time-bound capability-based access control, allowing agents to delegate tasks and share resources with fine-grained control. The system leverages decentralized identity and verifiable credentials to create a cryptographically verifiable and auditable environment for autonomous agent operations.

Technology Stack

AI/ML, Python, Decentralised Identity, Verifiable Credentials

Promptwright

In Development

Create huge datasets for model training or Agent evals. Used by Hugging Face and numerous other organizations and researchers.

Technology Stack

Synthetic Data, Model Distillation, LLM / Agent Evaluation

Bandit

Production

Bandit is a Python security analysis tool that identifies common security vulnerabilities in Python codebases through static analysis. It examines source code for security issues like SQL injection, hardcoded passwords, and unsafe cryptographic practices. The tool integrates into development workflows through CI/CD pipelines, providing configurable reports to help developers address security flaws.

Technology Stack

Python, Secure Coding, AST

Sigstore A2A

Research Phase

Sigstore signing of the A2A (Agent-to-Agent) protocol providing full provenance attestations of an AI Agent's origin. Enables verifiable supply chain security for AI agents through cryptographic verification, identity constraints, and transparency log verification using short-lived certificates.

Technology Stack

Python, Sigstore, SLSA, Cryptography, AI Agents
