{"id":15012172,"url":"https://github.com/microsoft/scitt-ccf-ledger","last_synced_at":"2025-04-05T05:08:21.879Z","repository":{"id":63190555,"uuid":"562968818","full_name":"microsoft/scitt-ccf-ledger","owner":"microsoft","description":"Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)","archived":false,"fork":false,"pushed_at":"2025-03-26T05:21:17.000Z","size":756,"stargazers_count":36,"open_issues_count":13,"forks_count":18,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-03-29T04:09:59.140Z","etag":null,"topics":["ccf","cryptography","scitt","security","supply-chain"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/microsoft.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-07T16:25:28.000Z","updated_at":"2025-03-26T05:17:45.000Z","dependencies_parsed_at":"2023-12-19T10:50:37.785Z","dependency_job_id":"73780563-b54e-4ed5-a4dc-6230530cd518","html_url":"https://github.com/microsoft/scitt-ccf-ledger","commit_stats":{"total_commits":157,"total_committers":17,"mean_commits":9.235294117647058,"dds":0.7388535031847134,"last_synced_commit":"2cd8fc9731a70dfdf22eeccb70e043bed4e3248a"},"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fscitt-ccf-ledger","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fscitt-ccf-ledger/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fscitt-ccf-ledger/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/microsoft%2Fscitt-ccf-ledger/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/microsoft","download_url":"https://codeload.github.com/microsoft/scitt-ccf-ledger/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247289428,"owners_count":20914464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ccf","cryptography","scitt","security","supply-chain"],"created_at":"2024-09-24T19:42:12.284Z","updated_at":"2025-04-05T05:08:21.848Z","avatar_url":"https://github.com/microsoft.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# scitt-ccf-ledger\r\n\r\n[![Build and test](https://github.com/microsoft/scitt-ccf-ledger/actions/workflows/build-test.yml/badge.svg)](https://github.com/microsoft/scitt-ccf-ledger/actions/workflows/build-test.yml) [![Build Status](https://github-private.visualstudio.com/microsoft/_apis/build/status%2FOneBranch%2Fscitt-ccf-ledger-wrapper%2Fscitt-ccf-ledger-wrapper-Official?repoName=scitt-ccf-ledger-wrapper\u0026branchName=master)](https://github-private.visualstudio.com/microsoft/_build/latest?definitionId=716\u0026repoName=scitt-ccf-ledger-wrapper\u0026branchName=master)\r\n\r\nThis repository contains the source code for scitt-ccf-ledger, an application\r\nthat runs on top of [CCF](https://github.com/microsoft/CCF) implementing draft standards developed within the [IETF SCITT WG](https://datatracker.ietf.org/wg/scitt/about/). Its purpose is to provide provenance for artefacts in digital supply chains, increasing trust in those artefacts. scitt-ccf-ledger achieves this by allowing signed claims about artefacts to be submitted to a secure immutable ledger, and returning receipts which prove claims have been stored and registration policies applied.\r\n\r\nThis research project is at an early stage and is open sourced to facilitate academic collaborations. We are keen to engage in research collaborations on this project, please do reach out to discuss this by opening an issue.\r\n\r\n## Getting Started\r\n\r\nThe instructions below guide you through building and deploying a local instance of scitt-ccf-ledger for development and testing purposes.\r\n\r\nBeing a CCF application, scitt-ccf-ledger targets AMD SEV-SNP but also supports running on x86-64 hardware without TEE support in what is called *virtual* mode.\r\n\r\nAll instructions below assume Linux as the operating system.\r\n\r\n### Using Docker\r\n\r\nUse the following commands to start a single-node CCF network with the scitt-ccf-ledger application setup for development purposes.\r\n\r\n\u003e Note: `PLATFORM` should be set to `virtual`, or `snp` to select the type of build.\r\n\u003e Note: if `PLATFORM` is set to `snp`, additional configuration is required. Refer to [this section](DEVELOPMENT.md#amd-sev-snp-platform) for more details.\r\n\r\n```sh\r\nexport PLATFORM=\u003cvirtual|snp\u003e\r\n./docker/build.sh\r\n./docker/run-dev.sh\r\n```\r\n\r\nThe node is now reachable at https://127.0.0.1:8000/.\r\n\r\nNote that `run-dev.sh` configures the network in a way that is not suitable for production, in particular it generates an ad-hoc governance member key pair and it disables API authentication.\r\n\r\nSee the `demo/` folder on how to interact with the application.\r\n\r\n### Development setup\r\n\r\nSee [DEVELOPMENT.md](DEVELOPMENT.md) for instructions on building, running, and testing scitt-ccf-ledger.\r\n\r\n### Using the CLI\r\n\r\nTo help with the configuration of an application or to be able to interact with its API you could leverage the available CLI.\r\n\r\nThe `pyscitt` CLI is written in Python and is available on PyPi [here](https://pypi.org/project/pyscitt/). To install it, you can use the following command:\r\n\r\n```sh\r\npip install pyscitt\r\n```\r\n\r\nThe CLI is also distributed through the GitHub releases as a `wheel` file. Optionally, it can be used from within the repository using the [`./pyscitt.sh`](../pyscitt.sh) script. For example: \r\n\r\n```sh\r\n./pyscitt.sh --help\r\n```\r\n\r\nThe CLI is extensively used in the following functional tests and demo scripts:\r\n\r\n- [Transparency service demo](./demo/cts_poc/README.md)\r\n- [GitHub hosted DID demo](./demo/github/README.md)\r\n- [CLI tests](./test/test_cli.py)\r\n\r\nSee [pyscitt](pyscitt/README.md) for more details.\r\n\r\n### Reproducing builds\r\n\r\nSee [reproducibility.md](./docs/reproducibility.md) for instructions.\r\n\r\n#### Run performance regression tests for CTS\r\n\r\nA basic set of performance indicators can be obtained by building the project, and running:\r\n\r\n```bash\r\n./run_functional_tests.sh -m bencher\r\n```\r\n\r\nAlso see `.github/workflow/bencher.yml`, and the [dashboard](https://bencher.dev/console/projects/scitt-ccf-ledger/plots). This is useful to understand the potential performance impact of changes.\r\n\r\n## Contributing\r\n\r\nThis project welcomes contributions and suggestions. Please see the [Contribution guidelines](CONTRIBUTING.md).\r\n\r\n### Trademarks \r\nThis project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark \u0026 Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Fscitt-ccf-ledger","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicrosoft%2Fscitt-ccf-ledger","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrosoft%2Fscitt-ccf-ledger/lists"}