Prove what your CI pipeline built, from what, and when.

CI Evidence Pack generates structured evidence packages from CI/CD pipeline runs. Each package captures build metadata, artifact hashes, environment details, and provenance records in a tamper-evident format that can be verified, stored, or attached to release artifacts.

Why it matters

Supply chain security starts at the build.

Build provenance is increasingly required

Frameworks like SLSA and compliance standards are moving toward requiring verifiable build provenance. Evidence packages create the records these standards expect.

Artifact integrity needs proof

Knowing that a release artifact was built from a specific commit, on a specific runner, at a specific time, and being able to prove it, is a baseline requirement for supply chain trust.

Audit trails should be automatic

Manually documenting build details is error-prone and unreliable. CI Evidence Pack generates the evidence automatically as part of the pipeline, not as an afterthought.

Works with any CI system

CI Evidence Pack runs as a CLI command in any pipeline that supports shell execution: GitHub Actions, GitLab CI, Jenkins, CircleCI, Azure DevOps, and others.

Built with

CLI-first, CI-native, zero dependencies on external services.

CLI, Supply chain security, SLSA, Build provenance, Artifact hashing, Open source

FAQ

Common questions about CI Evidence Pack.

A CLI tool that generates structured evidence packages from CI/CD pipeline runs, capturing build metadata, artifact hashes, environment details, and provenance records for supply chain security and audit compliance.

Yes. CI Evidence Pack is open source and free to use under its license on GitHub.

CI Evidence Pack works with any CI/CD system that can run CLI commands, including GitHub Actions, GitLab CI, Jenkins, CircleCI, and Azure DevOps.

Supply chain security frameworks like SLSA and compliance standards increasingly require provable build provenance. Evidence packages create a verifiable record of what was built, from what source, in what environment, and with what result.

Built by Orygn

CI Evidence Pack is one of several open-source tools Orygn has built for supply chain and operational security.

Orygn builds custom software, security tooling, and infrastructure-level systems. CI Evidence Pack is a working example of that approach applied to build provenance and supply chain integrity.
