Provenance for the currently running server binary - source information, build attestations, vulnerability scans, SBOMs, licensing, and container metadata. The application is a custom Go binary built with security and observability as primary concerns.
Source: linnemanlabs-web on GitHub
Source: build-system on GitHub
This page currently covers application-level provenance. I’m working toward extending attestations down through the full trust hierarchy - OS-level integrity (IMA/EVM), dm-verity verified filesystems, kernel lockdown, UEFI Secure Boot, and TPM-based hardware attestation - so that every layer is cryptographically anchored to the one below it.