Trust by default
Code diff, attestations, and signing. A short overview.
Every artifact Seal ships is accompanied by mechanisms that let you, your auditors, and your customers verify what was changed, who built it, and whether it has been tampered with. The full surface lives in Trust, transparency & compliance; this page gives a short overview.
For every sealed version, Seal publishes the diff against the origin version. The change is a targeted patch that fixes the vulnerability. You can read the change, in source, before you accept the sealed package. See the code diff page.
Each sealed artifact ships with an attestation listing exactly which vulnerabilities have been remediated. Two formats are produced for every artifact: a PDF attestation for human review, and a VEX record for machine consumption (Trivy, Wiz, and other scanners). Per-package and bulk download are both supported. See Attestations.
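As an added illustration (not Seal's code or tooling), the sketch below shows how a scanner-side consumer could use a VEX record to separate remediated findings from open ones. It assumes the OpenVEX JSON layout, which this page does not specify; the package identifiers, CVE numbers, and the names `load_vex` and `triage` are constructed for the example.

```python
import json

# Constructed OpenVEX-style document; product IDs and CVE numbers are placeholders.
VEX_JSON = """
{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "statements": [
    {"vulnerability": {"name": "CVE-0000-0001"}, "status": "fixed",
     "products": [{"@id": "pkg:pypi/examplelib@1.0.0-sealed"}]},
    {"vulnerability": {"name": "CVE-0000-0002"}, "status": "under_investigation",
     "products": [{"@id": "pkg:pypi/examplelib@1.0.0-sealed"}]}
  ]
}
"""

# Constructed scanner findings as (package identifier, vulnerability ID) pairs.
FINDINGS = [
    ("pkg:pypi/examplelib@1.0.0-sealed", "CVE-0000-0001"),  # VEX says fixed
    ("pkg:pypi/examplelib@1.0.0-sealed", "CVE-0000-0002"),  # VEX does not resolve it
    ("pkg:pypi/examplelib@1.0.0", "CVE-0000-0001"),         # origin version, no statement
    ("pkg:pypi/otherlib@2.0.0", "CVE-0000-0003"),           # unrelated package
]

# OpenVEX statuses that justify suppressing a finding.
RESOLVED = {"fixed", "not_affected"}


def load_vex(text):
    """Map (product id, vulnerability name) -> status.

    Simplification: a later statement in the file overrides an earlier one.
    """
    index = {}
    for st in json.loads(text).get("statements", []):
        vuln = st.get("vulnerability", {}).get("name")
        status = st.get("status")
        if not vuln or not status:
            continue  # skip malformed statements rather than guessing
        for product in st.get("products", []):
            if product.get("@id"):
                index[(product["@id"], vuln)] = status
    return index


def triage(findings, vex_index):
    """Split findings into (suppressed, still_open) on exact product matches only."""
    suppressed = [f for f in findings if vex_index.get(f) in RESOLVED]
    still_open = [f for f in findings if vex_index.get(f) not in RESOLVED]
    return suppressed, still_open


if __name__ == "__main__":
    print(triage(FINDINGS, load_vex(VEX_JSON)))
```

Matching on the exact product identifier matters: a statement about the sealed version must not suppress the same vulnerability reported against the origin version.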
Every sealed artifact is cryptographically signed before publication. The Seal CLI validates signatures automatically before installing a sealed package. Hashes are published for independent verification. See Cryptographic signing and hash verification.