{"id":18574435,"url":"https://github.com/atsign-foundation/at_server","last_synced_at":"2026-05-21T11:07:18.491Z","repository":{"id":37081849,"uuid":"307677190","full_name":"atsign-foundation/at_server","owner":"atsign-foundation","description":"The software implementation of Atsign's core technology","archived":false,"fork":false,"pushed_at":"2026-05-20T09:42:04.000Z","size":23120,"stargazers_count":42,"open_issues_count":82,"forks_count":13,"subscribers_count":9,"default_branch":"trunk","last_synced_at":"2026-05-20T10:06:42.587Z","etag":null,"topics":["atsign","dart","hacktoberfest","server"],"latest_commit_sha":null,"homepage":"https://docs.atsign.com","language":"Dart","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/atsign-foundation.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"code_of_conduct.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-10-27T11:24:12.000Z","updated_at":"2026-05-20T09:42:06.000Z","dependencies_parsed_at":"2023-10-03T02:30:24.924Z","dependency_job_id":"31c43d28-4cf9-4b96-a552-d938c4d9d74c","html_url":"https://github.com/atsign-foundation/at_server","commit_stats":{"total_commits":1903,"total_committers":24,"mean_commits":79.29166666666667,"dds":0.7277982133473463,"last_synced_commit":"18bc7db53ca97c8cb15c669cdacb947d807e8f66"},"previous_names":[],"tags_count":207,"template":false,"template_full_name":null,"purl":"pkg:github/atsign-foundation/at_server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atsign-foundation%2Fat_server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atsign-foundation%2Fat_server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atsign-foundation%2Fat_server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atsign-foundation%2Fat_server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/atsign-foundation","download_url":"https://codeload.github.com/atsign-foundation/at_server/tar.gz/refs/heads/trunk","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/atsign-foundation%2Fat_server/sbom","scorecard":{"id":97542,"data":{"date":"2025-08-15T08:28:20Z","repo":{"name":"github.com/atsign-foundation/at_server","commit":"550b498781e68dda5ef8cb0aa94ac79b0219d2c1"},"scorecard":{"version":"v5.2.1","commit":"ab2f6e92482462fe66246d9e32f642855a691dc1"},"score":9.2,"checks":[{"name":"Maintained","score":10,"reason":"30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#security-policy"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#code-review"}},{"name":"Dependency-Update-Tool","score":10,"reason":"update tool detected","details":["Info: detected update tool: Dependabot: .github/dependabot.yml:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dependency-update-tool"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":10,"reason":"GitHub workflow tokens follow principle of least privilege","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/at_server.yaml:896","Info: jobLevel 'actions' permission set to 'read': .github/workflows/at_server.yaml:945","Info: jobLevel 'contents' permission set to 'read': .github/workflows/at_server.yaml:973","Info: jobLevel 'actions' permission set to 'read': .github/workflows/at_server.yaml:201","Info: jobLevel 'actions' permission set to 'read': .github/workflows/at_server.yaml:1017","Info: jobLevel 'contents' permission set to 'read': .github/workflows/at_server.yaml:823","Info: jobLevel 'actions' permission set to 'read': .github/workflows/at_server.yaml:1086","Info: jobLevel 'actions' permission set to 'read': .github/workflows/at_server.yaml:872","Info: jobLevel 'contents' permission set to 'read': .github/workflows/at_server.yaml:1041","Info: jobLevel 'contents' permission set to 'read': .github/workflows/at_server_prod_deploy.yaml:16","Info: jobLevel 'actions' permission set to 'read': .github/workflows/at_server_prod_deploy.yaml:53","Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32","Info: jobLevel 'actions' permission set to 'read': .github/workflows/promote_canary.yaml:174","Info: jobLevel 'contents' permission set to 'read': .github/workflows/promote_canary.yaml:17","Info: jobLevel 'actions' permission set to 'read': .github/workflows/promote_canary.yaml:62","Info: jobLevel 'contents' permission set to 'read': .github/workflows/promote_canary.yaml:78","Info: jobLevel 'actions' permission set to 'read': .github/workflows/promote_canary.yaml:120","Info: topLevel 'contents' permission set to 'read': .github/workflows/at_server.yaml:27","Info: topLevel 'contents' permission set to 'read': .github/workflows/at_server_dev_deploy.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/at_server_prod_deploy.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/autobug.yaml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24","Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13","Info: topLevel 'contents' permission set to 'read': .github/workflows/melos_bootstrap.yaml:12","Info: topLevel 'contents' permission set to 'read': .github/workflows/promote_canary.yaml:10","Info: topLevel 'contents' permission set to 'read': .github/workflows/refreshcerts.yaml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/revert_secondary.yaml:17","Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:18","Info: topLevel 'contents' permission set to 'read': .github/workflows/ve_base.yaml:8","Info: topLevel 'contents' permission set to 'read': .github/workflows/vip_rebuild.yaml:13","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":5,"reason":"badge detected: Passing","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#cii-best-practices"}},{"name":"Signed-Releases","score":10,"reason":"4 out of the last 4 releases have a total of 4 signed artifacts.","details":["Info: provenance for release artifact: atserver-p3.5.3-sbom.cdx.json.intoto.jsonl: https://github.com/atsign-foundation/at_server/releases/tag/p3.5.3","Info: provenance for release artifact: multiple.intoto.jsonl: https://github.com/atsign-foundation/at_server/releases/tag/c3.5.3","Info: provenance for release artifact: atserver-p3.5.2-sbom.cdx.json.intoto.jsonl: https://github.com/atsign-foundation/at_server/releases/tag/p3.5.2","Info: provenance for release artifact: multiple.intoto.jsonl: https://github.com/atsign-foundation/at_server/releases/tag/c3.5.2"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":9,"reason":"dependency not pinned by hash detected -- score normalized to 9","details":["Info: Possibly incomplete results: error parsing shell code: not a valid arithmetic operator: $: .github/workflows/at_server.yaml:610","Warn: containerImage not pinned by hash: tools/build_secondary/Dockerfile.canary_to_prod:1: pin your Docker image by updating atsigncompany/secondary:canary to atsigncompany/secondary:canary@sha256:57e5227f0b69d1b3d8b2963dd4014e4aa65b32ab7a6f51385e9a86be6df94c5c","Warn: containerImage not pinned by hash: tools/build_virtual_environment/ve/Dockerfile:1: pin your Docker image by updating atsigncompany/vebase:latest to atsigncompany/vebase:latest@sha256:353a0a53b39adef480b10d2d9a2209fd28c9ca2b638ff2cc93423f29ebfa96bf","Warn: containerImage not pinned by hash: tools/build_virtual_environment/ve/Dockerfile.canary_to_vip:1: pin your Docker image by updating atsigncompany/virtualenv:canary to atsigncompany/virtualenv:canary@sha256:4faeceac9538d660e2d9fbe1889e4bf9c2f61c839b47a61d88edac2849e450c3","Warn: containerImage not pinned by hash: tools/build_virtual_environment/ve/Dockerfile.vip:20: pin your Docker image by updating atsigncompany/vebase:latest to atsigncompany/vebase:latest@sha256:353a0a53b39adef480b10d2d9a2209fd28c9ca2b638ff2cc93423f29ebfa96bf","Info:  42 out of  42 GitHub-owned GitHubAction dependencies pinned","Info:  92 out of  92 third-party GitHubAction dependencies pinned","Info:   8 out of  12 containerImage dependencies pinned","Info:   1 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#vulnerabilities"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/at_server.yaml:810"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#packaging"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (30) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#sast"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#license"}},{"name":"Branch-Protection","score":8,"reason":"branch protection is not maximal on development and all release branches","details":["Info: 'allow deletion' disabled on branch 'trunk'","Info: 'allow deletion' disabled on branch 'release_3.1.1'","Info: 'allow deletion' disabled on branch 'release_c3.1.0'","Info: 'allow deletion' disabled on branch 'release_3.0.52'","Info: 'allow deletion' disabled on branch 'release_3.0.51'","Info: 'allow deletion' disabled on branch 'release_3.0.50'","Info: 'force pushes' disabled on branch 'trunk'","Info: 'force pushes' disabled on branch 'release_3.1.1'","Info: 'force pushes' disabled on branch 'release_c3.1.0'","Info: 'force pushes' disabled on branch 'release_3.0.52'","Info: 'force pushes' disabled on branch 'release_3.0.51'","Info: 'force pushes' disabled on branch 'release_3.0.50'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'trunk'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'release_3.1.1'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'release_c3.1.0'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'release_3.0.52'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'release_3.0.51'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'release_3.0.50'","Info: 'stale review dismissal' is required to merge on branch 'trunk'","Info: 'stale review dismissal' is required to merge on branch 'release_3.1.1'","Info: 'stale review dismissal' is required to merge on branch 'release_c3.1.0'","Info: 'stale review dismissal' is required to merge on branch 'release_3.0.52'","Info: 'stale review dismissal' is required to merge on branch 'release_3.0.51'","Info: 'stale review dismissal' is required to merge on branch 'release_3.0.50'","Warn: required approving review count is 1 on branch 'trunk'","Info: required approving review count is 2 on branch 'release_3.1.1'","Info: required approving review count is 2 on branch 'release_c3.1.0'","Info: required approving review count is 2 on branch 'release_3.0.52'","Info: required approving review count is 2 on branch 'release_3.0.51'","Info: required approving review count is 2 on branch 'release_3.0.50'","Warn: codeowners review is required - but no codeowners file found in repo","Warn: codeowners review is required - but no codeowners file found in repo","Warn: codeowners review is required - but no codeowners file found in repo","Warn: codeowners review is required - but no codeowners file found in repo","Warn: codeowners review is required - but no codeowners file found in repo","Warn: codeowners review is required - but no codeowners file found in repo","Info: 'last push approval' is required to merge on branch 'trunk'","Info: 'last push approval' is required to merge on branch 'release_3.1.1'","Info: 'last push approval' is required to merge on branch 'release_c3.1.0'","Info: 'last push approval' is required to merge on branch 'release_3.0.52'","Info: 'last push approval' is required to merge on branch 'release_3.0.51'","Info: 'last push approval' is required to merge on branch 'release_3.0.50'","Info: 'up-to-date branches' is required to merge on branch 'trunk'","Info: 'up-to-date branches' is required to merge on branch 'release_3.1.1'","Info: 'up-to-date branches' is required to merge on branch 'release_c3.1.0'","Info: 'up-to-date branches' is required to merge on branch 'release_3.0.52'","Info: 'up-to-date branches' is required to merge on branch 'release_3.0.51'","Info: 'up-to-date branches' is required to merge on branch 'release_3.0.50'","Info: status check found to merge onto on branch 'trunk'","Info: status check found to merge onto on branch 'release_3.1.1'","Info: status check found to merge onto on branch 'release_c3.1.0'","Info: status check found to merge onto on branch 'release_3.0.52'","Info: status check found to merge onto on branch 'release_3.0.51'","Info: status check found to merge onto on branch 'release_3.0.50'","Info: PRs are required in order to make changes on branch 'trunk'","Info: PRs are required in order to make changes on branch 'release_3.1.1'","Info: PRs are required in order to make changes on branch 'release_c3.1.0'","Info: PRs are required in order to make changes on branch 'release_3.0.52'","Info: PRs are required in order to make changes on branch 'release_3.0.51'","Info: PRs are required in order to make changes on branch 'release_3.0.50'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#branch-protection"}},{"name":"CI-Tests","score":10,"reason":"11 out of 11 merged PRs checked by a CI test -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#ci-tests"}},{"name":"Contributors","score":10,"reason":"project has 12 contributing companies or organizations","details":["Info: found contributions from: FatFractal, UOIT-Computer-Science-Society, at company, at-family-developers, atsign-company, atsign-foundation, gtet, https://github.com/atsign-foundation, shris infotech, shris infotech services, the @ company, thomson reuters"],"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/ab2f6e92482462fe66246d9e32f642855a691dc1/docs/checks.md#contributors"}}]},"last_synced_at":"2025-08-15T09:23:31.327Z","repository_id":37081849,"created_at":"2025-08-15T09:23:31.328Z","updated_at":"2025-08-15T09:23:31.328Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33298340,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-21T02:57:32.698Z","status":"ssl_error","status_checked_at":"2026-05-21T02:57:31.990Z","response_time":62,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["atsign","dart","hacktoberfest","server"],"created_at":"2024-11-06T23:15:22.147Z","updated_at":"2026-05-21T11:07:18.470Z","avatar_url":"https://github.com/atsign-foundation.png","language":"Dart","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ca href=\"https://atsign.com#gh-light-mode-only\"\u003e\u003cimg width=250px src=\"https://atsign.com/wp-content/uploads/2022/05/atsign-logo-horizontal-color2022.svg#gh-light-mode-only\" alt=\"The Atsign Foundation\"\u003e\u003c/a\u003e\u003ca href=\"https://atsign.com#gh-dark-mode-only\"\u003e\u003cimg width=250px src=\"https://atsign.com/wp-content/uploads/2023/08/atsign-logo-horizontal-reverse2022-Color.svg#gh-dark-mode-only\" alt=\"The Atsign Foundation\"\u003e\u003c/a\u003e\n\n[![Build Status](https://github.com/atsign-foundation/at_server/actions/workflows/at_server.yaml/badge.svg?branch=trunk)](https://github.com/atsign-foundation/at_server/actions/workflows/at_server.yaml)\n[![GitHub License](https://img.shields.io/badge/license-BSD3-blue.svg)](./LICENSE)\n[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/atsign-foundation/at_server/badge)](https://securityscorecards.dev/viewer/?uri=github.com/atsign-foundation/at_server\u0026sort_by=check-score\u0026sort_direction=desc)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6713/badge)](https://www.bestpractices.dev/projects/6713)\n[![SLSA 3](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev)\n[![sbomified](https://sbomify.com/assets/images/logo/badge.svg)](https://app.sbomify.com/public/product/yiJJfn8vMN/)\n\n# at_server\n\nThis repo contains the core software implementation of the atProtocol:\n\n## packages\n\n### core runtime services\n\n* [at_root_server](./packages/at_root_server) the root server is a directory\nthat contains the fully qualified domain name (FQDN) and port for secondary\nservers. This is the most minimal amount of data necessary to determine where\nto go to ask for permission. It only contains a record for every atSign as\nwell as the Internet location of the associated secondary server that\ncontains data and permissions.\n\n* [at_secondary_server](./packages/at_secondary_server) the secondary server\nis a personal, secure server that contains a person's data and their\npermissions and terms under which they wish to share with others. The server\nis written in Dart and is incredibly efficient. It has the ability to\nsecurely sync data with other instances in the cloud or on other devices.\n\n### core dependencies\n\n* [at_server_spec](./packages/at_server_spec) is an interface abstraction\nthat defines what the atServer is responsible for.\n\n* [at_persistence_spec](./packages/at_persistence_spec) is the abstracted\nmodule for persistence which can be replaced as desired with some other\nimplementation.\n\n## tests\n\n* [at_functional_test](./tests/at_functional_test/) is a set of self\ncontained tests that make use of at_virtual_environment to run an entire\nmini atSign infrastructure within a single container.\n\n* [at_end2end_test](./tests/at_end2end_test/) is a suite of tests that\ncannot be run standalone, and instead make use of a number of\n[dess](https://github.com/atsign-foundation/dess) atSigns hosted on\nvirtual machines. Tests are arranged so that cross testing happens between\nthe version under test, and production releases.\n\n## tools\n\n* the virtual environment makes use of certificates that need to be refreshed\non a regular basis, which is done with a GitHub Action that runs the\n`acme_certs.py` script.\n\n* the cicd1 and cicd2 directories also contains the scripts used by\nthe dess VMs for end2end tests that ensure the correct images for version\ncross testing.\n\n* [build_virtual_environment](./tools/build_virtual_environment/) contains\nthe Dockerfiles and dependencies used to build the virtual environment\nbase image `ve_base` the virtual environment on that base, and the\n`install_PKAM_Keys` tool that's used to initialise a virtual environment.\n\n* [build_secondary](./tools/build_secondary/) contains the Dockerfiles\nused to build various flavours of secondary server.\n\n## SLSA\n\nSince the c3.0.48 release, the Docker images created from this repo as part\nof a release have SLSA Build Level 3 attestations.\n\nThese can be verified using the\n[slsa-verifier](https://github.com/slsa-framework/slsa-verifier) tool e.g.:\n\n```sh\nTAG=\"c3.0.48\"\nIMAGE=\"atsigncompany/secondary\"\nSHA=$(docker buildx imagetools inspect ${IMAGE}:canary-${TAG} \\\n  --format \"{{json .Manifest}}\" | jq -r .digest)\nslsa-verifier verify-image ${IMAGE}@${SHA} --source-uri \\\n  github.com/atsign-foundation/at_server --source-tag ${TAG}\n```\n\n## Docker image signing\n\nThis repo is the source for a number of Docker images, and they're signed\nduring the build process so that you can verify their authenticity using\n[cosign](https://github.com/sigstore/cosign):\n\n```sh\ncosign verify atsigncompany/secondary:latest \\\n--certificate-oidc-issuer=https://token.actions.githubusercontent.com \\\n--certificate-identity-regexp='^https://github.com/atsign-foundation/at_server/.+'\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatsign-foundation%2Fat_server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fatsign-foundation%2Fat_server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fatsign-foundation%2Fat_server/lists"}