Free for the Community, Built by JFrog: Introducing the DSSE Attestation Online Decoder
Attestations, or as we like to call them, evidence, are a critical part of proving software supply chain integrity and security. However, without the right tools and processes, reviewing and verifying attestations can be time-consuming. At JFrog, we're deeply committed to empowering developers, DevOps, and Security teams to make these complex workstreams as simple as possible.
To that end, we're excited to introduce the DSSE Attestation Online Decoder, a free tool we built for the developer community, designed to simplify the verification of DSSE (Dead Simple Signing Envelope) JSON. Now you can take your DSSE envelope and turn it into a decoded, verified evidence payload in a matter of seconds. Keep reading to learn more about DSSE, how the free DSSE Attestation Online Decoder works, and how you can benefit from it.
What is DSSE?
DSSE, or Dead Simple Signing Envelope, is a standard JSON format for signing arbitrary data. DSSE is a widely accepted format for attesting software supply chain security, particularly for SLSA provenance and attestation verification, in-toto verification, and Sigstore. DSSE can also fit into your workflows around compliance, aligning with global regulations such as SOC2, GDPR, HIPAA, PCI-DSS, FISMA, CCPA, DFARS, CRA and more.
Available Now: Our Free DSSE Attestation Online Decoder
Our new free DSSE Attestation Online Decoder provides a user-friendly approach to verifying DSSE envelopes and extracting their evidence payloads. You can view the signed payload, understand its contents, and verify its integrity in just seconds.
Using the tool is easy: simply paste your DSSE JSON into the tool, as well as your public key (for signature verification, if desired). Our Decoder will parse your DSSE envelope, decoding the payload into human-readable content.
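To show what decoding and verifying an envelope involves, here is an added Node.js example (not the code behind JFrog's decoder). It assumes an Ed25519 key; the key pair, key ID and in-toto statement are constructed sample data.

```javascript
const nodeCrypto = require('node:crypto');

// DSSE signs PAE(type, body) = "DSSEv1 <len(type)> <type> <len(body)> <body>",
// not the raw payload; lengths are ASCII decimal byte counts.
function pae(payloadType, payload) {
  const type = Buffer.from(payloadType, 'utf8');
  return Buffer.concat([
    Buffer.from(`DSSEv1 ${type.length} `), type,
    Buffer.from(` ${payload.length} `), payload,
  ]);
}

// Decode an envelope and check its signatures against one Ed25519 public key
// (assumption: Ed25519; DSSE itself does not fix the signature algorithm).
function decodeEnvelope(envelopeJson, publicKey) {
  const env = JSON.parse(envelopeJson);
  if (!env || typeof env.payload !== 'string' || typeof env.payloadType !== 'string' ||
      !Array.isArray(env.signatures) || env.signatures.length === 0) {
    throw new Error('not a DSSE envelope');
  }
  const payload = Buffer.from(env.payload, 'base64');
  const signed = pae(env.payloadType, payload);
  const verified = env.signatures.some((s) => s && typeof s.sig === 'string' &&
    nodeCrypto.verify(null, signed, publicKey, Buffer.from(s.sig, 'base64')));
  // Callers should not act on `payload` unless `verified` is true.
  return { payloadType: env.payloadType, verified, payload: payload.toString('utf8') };
}

// Constructed sample: a throwaway key pair signing a made-up in-toto statement.
function buildSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const payloadType = 'application/vnd.in-toto+json';
  const payload = Buffer.from(JSON.stringify({
    _type: 'https://in-toto.io/Statement/v1',
    subject: [{ name: 'example-app.tar.gz', digest: { sha256: '00'.repeat(32) } }],
    predicateType: 'https://example.invalid/constructed-predicate',
    predicate: { note: 'constructed sample' },
  }));
  const sig = nodeCrypto.sign(null, pae(payloadType, payload), privateKey);
  const envelope = JSON.stringify({
    payload: payload.toString('base64'), payloadType,
    signatures: [{ keyid: 'constructed-key', sig: sig.toString('base64') }],
  });
  return { envelope, publicKey };
}

const sample = buildSample();
console.log(decodeEnvelope(sample.envelope, sample.publicKey));
```

Because the signature covers the payload type as well as the payload bytes, changing either one in the envelope makes verification fail.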
So How Does It All Work?
Using our tool helps you verify evidence in a matter of seconds.
Take the Next Step with JFrog’s Evidence Collection
Once you have your verified evidence files, you can then integrate your evidence into your GRC efforts with automated evidence capture, such as JFrog Evidence Collection. To learn more, take a tour of our platform, or speak to a JFrog team member.