Zero-knowledge build integrity verification using SLSA + in-toto + Sigstore.
VBW is a thin, auditable policy layer that enforces independence: if a build requires internal access, private networks, or secrets, VBW treats that as a policy failure. VBW never touches credentials and cannot leak what it never sees.
| Check | Description |
|---|---|
| CI | cargo fmt + clippy + test + audit + deny |
| License | Apache-2.0 |
| MSRV | 1.88.0 |
cargo build --release# SLSA verifier
go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@latest
# in-toto
pip install in-toto
# Sigstore (cosign)
go install github.com/sigstore/cosign/v2/cmd/cosign@latestThe example runs without external tooling:
./target/release/vbw verify examples/minimal-bundle \
--no-external --dry-run --slsa-mode schema-only
cat examples/minimal-bundle/vbw/report.jsonvbw verify ./bundle \
--artifact ./bundle/myapp \
--source-uri github.com/org/repovbw show \
--attestation bundle/vbw/vbw-attestation.json \
--sigstore-bundle bundle/vbw/vbw-attestation.sigstore.bundlebundle/
provenance.json # SLSA provenance
layout.json # in-toto layout
links/ # in-toto attestations (*.link)
artifacts/ # (optional) binaries to verify
vbw-policy.json # (optional) custom policy
vbw/ # VBW output
vbw-attestation.json
vbw-attestation.sigstore.bundle
report.json
Create vbw-policy.json (see vbw-policy.json.example):
{
"allowed_builder_prefixes": [
"https://github.com/",
"https://gitlab.com/"
],
"builder_allowlist_is_warning": true,
"forbid_private_network_refs": true,
"forbid_secrets": true,
"require_digests": true
}# Run all quality gates (mirrors CI)
make check
# Individual targets
make fmt # Check formatting
make clippy # Lint
make test # Tests (debug + release)
make audit # Security audit
make deny # License/ban/advisory/source checks
make build # Debug build
make release # Release buildVBW is designed for deployment in regulated environments and follows RustSec best practices:
- Zero
unsafecode:#![forbid(unsafe_code)]-- cannot be overridden - Zero known advisories:
cargo-audit+cargo-denyon every PR + daily - No
.unwrap()in production:clippy::unwrap_used = "deny" - No FFI/C dependencies: OpenSSL is explicitly banned in
deny.toml - Linear-time regex: No catastrophic backtracking (ReDoS) possible
- Symlink-safe I/O: All untrusted file reads reject symlinks
- Size-bounded inputs: Enforced limits on all untrusted data
- No shell invocation: External tools called via
std::process::Command - Secret redaction: Tool stderr is sanitized before inclusion in reports
This repository follows banking-grade operational standards:
- Pinned CI actions: All GitHub Actions pinned to SHA, not mutable tags
- Supply chain policy:
cargo-denyenforces license, advisory, ban, and source rules - Automated audits: Daily
cargo-audit+cargo-denyvia scheduled workflow - Dependency updates: Dependabot for Cargo and GitHub Actions
- DCO enforcement: All commits require Developer Certificate of Origin sign-off
- Code ownership: CODEOWNERS enforces mandatory review by domain experts
- Branch protection: Requires 2 approvals, signed commits, linear history
- SBOM generation: CycloneDX SBOM included in every release
- Reproducible toolchain:
rust-toolchain.tomlpins compiler version - Strict formatting:
rustfmt.toml+clippy.tomlwith zero-warning policy
ARCHITECTURE.md-- Composition model and threat boundariesAUDIT-BOUNDARY.md-- IP delineation and third-party audit scopeSECURITY.md-- Vulnerability disclosure and security modelCONTRIBUTING.md-- Contribution guidelines and quality requirementsCODE_OF_CONDUCT.md-- Community standardsexamples/DEMO.md-- Reproducible demo workflowDCO-- Developer Certificate of Origin