{"id":31770003,"url":"https://github.com/jfrog/evidence-extractor","last_synced_at":"2025-10-10T02:56:19.788Z","repository":{"id":303774186,"uuid":"974043246","full_name":"jfrog/evidence-extractor","owner":"jfrog","description":"Free DSSE Attestation Online Decoder Tool","archived":false,"fork":false,"pushed_at":"2025-08-24T05:39:03.000Z","size":618,"stargazers_count":12,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-24T13:10:59.135Z","etag":null,"topics":["attestation","attestations","compliance","dsse","evidence","in-toto"],"latest_commit_sha":null,"homepage":"https://dsse.io/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jfrog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-28T07:08:27.000Z","updated_at":"2025-08-24T05:39:01.000Z","dependencies_parsed_at":"2025-08-24T08:06:16.314Z","dependency_job_id":"eb6ba151-30c9-463d-82ab-9ea9a9627c29","html_url":"https://github.com/jfrog/evidence-extractor","commit_stats":null,"previous_names":["jfrog/evidence-extractor"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jfrog/evidence-extractor","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fevidence-extractor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fevidence-extractor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fevidence-extractor/releases","manifests_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fevidence-extractor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jfrog","download_url":"https://codeload.github.com/jfrog/evidence-extractor/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jfrog%2Fevidence-extractor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279002512,"owners_count":26083403,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attestation","attestations","compliance","dsse","evidence","in-toto"],"created_at":"2025-10-10T02:56:17.511Z","updated_at":"2025-10-10T02:56:19.780Z","avatar_url":"https://github.com/jfrog.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# A Free DSSE Attestation Online Decoder Tool\n\nA simple web-based tool to extract content from DSSE (Dead Simple Signing Envelope) payloads and verify their signatures using a public key.\n\n## Features\n\n- Extract and decode base64-encoded payloads from DSSE envelopes\n- Automatic JSON formatting for JSON payloads\n- Signature verification using an uploaded or pasted public key\n- Error handling for invalid inputs\n\n\n## Usage\n\nYou are welcome to use the tool at https://dsse.io/\n\n### Usage\n\n1. 
Paste your DSSE envelope JSON into the text area\n2. Optionally paste or upload your public key\n3. Click \"Extract \u0026 Verify\" to process the envelope\n4. The decoded content will be displayed on the right side of the tool along with its signature verification result\n5. Alternatively, if you have a Sigstore bundle, you can upload it in the Sigstore Bundle Input tab; the tool extracts the DSSE payload from it and also attempts to verify its transparency log entry against the Sigstore transparency log, if one is available\n\n## DSSE Envelope Format\n\nThe tool expects a DSSE envelope in the following format:\n\n```json\n{\n    \"payload\": \"base64EncodedContent\",\n    \"payloadType\": \"application/json\",\n    \"signatures\": [...]\n}\n```\n\n## Example\n\nInput:\n```json\n{\n    \"payload\": \"eyJtZXNzYWdlIjoiSGVsbG8gV29ybGQifQ==\",\n    \"payloadType\": \"application/json\",\n    \"signatures\": []\n}\n```\n\n## Public key\n\nThe tool expects a valid public key (RSA/PGP).\nNote: do not upload or paste keys containing literal \\n sequences; use real newlines.\n\n## RSA Example\n\n```\n-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07f3tJM904857fh439f7\n...\n2lZw/MW6Gp2Mi7nmo7l3XvSd5PwhCIpxnCbL9ag680+Bht//467gn49f67ng5nko\nnwIDAQAB\n-----END PUBLIC KEY-----\n```\n\n## PGP Example\n\n```\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQENBGSG4akBCADGNqHvbIwcEKybDeaBBnhzJceLN8bja5gn65n65e5r6ne9nOsJ\nhfVpopyd1TwvwEKwkiPHX1wpXMveS2EQ0sqxKiYmkcqaXalEio8/5TvCzBmg71kD\n+5V5eIYXdbZ9nRhwno831xhNiisn1/VWfMWgATags71d1gEA/k68+586gn58k/dl\n...\nX2mNxPWgSPLCYG7nC/XkCXSJ2lBkpKFYxNy1riXyoDZTKMA+8765j+UpWZqEGLNs\n567g59wg67n58g6n5n/4yFCS4i8BWCW0JT67/d5DE4G974=\n=l2C3\n-----END PGP PUBLIC KEY BLOCK-----\n```\n\n## Dependencies\n\nOpenPGP.js  https://www.npmjs.com/package/openpgp (licensed under https://www.gnu.org/licenses/lgpl-3.0.en.html)\n\nNode-Forge (forge.js) https://www.npmjs.com/package/node-forge (licensed under BSD License/GNU General Public License (GPL) 
Version 2 )\n\n@peculiar/x509 https://www.npmjs.com/package/@peculiar/x509 (licensed under https://github.com/PeculiarVentures/x509/blob/master/LICENSE)\n\nstarkbank-ecdsa https://www.npmjs.com/package/starkbank-ecdsa (licensed under https://github.com/starkbank/ecdsa-node/blob/master/LICENSE)\n\n## Note\n\nThis tool only verifies RSA, PGP, and ECDSA signatures.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fevidence-extractor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjfrog%2Fevidence-extractor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjfrog%2Fevidence-extractor/lists"}