Software Supply Chain Transparency Log

SourceHub is a trust protocol, acting as the transparency log for the Source ecosystem

verify https assets with a public transparency log

Signature Transparency Log designed for ease of use, low cost, and minimal maintenance

keep tabs on Go modules

🥸 Experimental p2p gossip network for OpenPGP signature transparency 🥸

A collection of open source tlog tooling.

PHP Implementation of the Public Key Directory Server

Transparenty Immutable Container Image Tags

Cryptographic, immutable, append only software release ledger.

A very simple certificate transparency log scraper for a very specific use case.

kernel.org transparency log monitor

Transparency and auditability of electoral data

Verifiable Usage Receipts for AI APIs. Cryptographic proof that your token bill is real. Ed25519 + Fulcio signing, RFC 6962 Merkle proofs, Trillian Tessera log, C2SP witness cosigning, Rekor public anchoring, Rust tokenizer verification. No blockchain.

track and archive ssh keys from different git users, local-first, within your own local transparency log, see https://paepcke.de/keys (app/lib/api)

Append-only event kernel with Ed25519-signed Merkle checkpoints. Every AI action gets a verifiable receipt.

The Merkle Merge Tree (MMT) data structure implements an insert-only multiset supporting exclusion proofs

ssh key transparency log, generated via https://paepcke.de/gitkeys

Verifiable agent identity for A2A and MCP. Cryptographic claims, append-only transparency log, recovery-key revocation. Apache 2.0.

Issue tracking GitHub repository for squad members and community maintainers on RFC voting, moderation actions and other actions that may affect the organization and its community.