Archivista
A graph and storage service for in-toto attestations
Archivista is a graph and storage service for in-toto attestations, enabling the discovery, retrieval, and querying of software artifact attestations. It provides a centralized, trusted store for supply chain metadata, allowing users to store, retrieve, and query relationships between attestations via a GraphQL API. Archivista enhances software supply chain security by creating a queryable graph of metadata while storing signed attestations, supporting policy validation without manual listing of expected attestations. Archivista integrates seamlessly with major cloud service providers and supports various architectures (Darwin, Windows, ARM), making it a versatile solution for securing software supply chains across different environments.
Why Deploy on UDS:
Deploying Archivista on UDS provides a robust security posture with continuous monitoring and updates. This application is pre-integrated into our DoD compliant DevSecOps platform and which provides comprehensive documentation to accelerate Authority to Operate (ATO) preparation, streamlining delivery to any mission environment.
Our DoD mission experts are available to discuss your specific mission needs and explore how this UDS-optimized solution could support your teams operations. Get started now.
Contract Vehicles Available
Through Defense Unicorns
Technical Details
- Preferred Infrastructure
- AWS GovCloud (US)
- Supported Infrastructure
- Azure Government Cloud, On-prem, Edge
Security & Compliance
- CVE Report
- Available
- SBOM
- Available
- NIST 800-53 Control Mapping
- Upon Request
- FIPS Compliant Image
- -
- 3rd Party Certified
- -
- DISA STIG
- -
- Privilege Required
- -
