signbridge

signbridge is an internal release attestation gateway. It handles tag event webhooks from the source platform, validates mutation policy, issues attestation receipts into a transparency log, and promotes artifacts to the downstream registry. Inspired by CVE-2026-33634.

install

pip install -e .[dev]

run tests

pytest tests/

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
.idea		.idea
signbridge		signbridge
tests		tests
.gitignore		.gitignore
README.md		README.md
pyproject.toml		pyproject.toml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

signbridge

install

run tests

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

signbridge

install

run tests

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages