Software Supply Chain Transparency Log

SourceHub is a trust protocol, acting as the transparency log for the Source ecosystem

verify https assets with a public transparency log

Signature Transparency Log designed for ease of use, low cost, and minimal maintenance

keep tabs on Go modules

🥸 Experimental p2p gossip network for OpenPGP signature transparency 🥸

A collection of open source tlog tooling.

PHP Implementation of the Public Key Directory Server

Transparenty Immutable Container Image Tags

Secure, auditable agent-to-agent communication framework

Cryptographic, immutable, append only software release ledger.

A very simple certificate transparency log scraper for a very specific use case.

kernel.org transparency log monitor

Transparency and auditability of electoral data

Verifiable Usage Receipts for AI APIs. Cryptographic proof that your token bill is real. Ed25519 + Fulcio signing, RFC 6962 Merkle proofs, Trillian Tessera log, C2SP witness cosigning, Rekor public anchoring, Rust tokenizer verification. No blockchain.

Verifiable agent actions. Every action becomes signed context for the next. Ed25519 signatures, Merkle log proofs, independently verifiable by anyone.

track and archive ssh keys from different git users, local-first, within your own local transparency log, see https://paepcke.de/keys (app/lib/api)

AIE Audit-Chain: Ed25519 + O(log n) Merkle audit-trail for KMU consulting (EU AI Act Art. 12). Part of the AIE audit-stack.

Append-only event kernel with Ed25519-signed Merkle checkpoints. Every AI action gets a verifiable receipt.

The Merkle Merge Tree (MMT) data structure implements an insert-only multiset supporting exclusion proofs