Crate vanta_security


vanta-security — verification and policy (the fail-closed gate).

Provides the checksum gate (SHA-256 / BLAKE3), Ed25519/minisign signature verification (see sign), and the organization policy model. An artifact that fails any required check is rejected rather than trusted. See docs/15-security.md and docs/21-threat-model.md.

Re-exports

pub use sign::minisign_verify;
pub use sign::parse_minisign_pubkey;
pub use sign::MinisignKey;

Modules

sign
Minisign (Ed25519) signature verification (docs/15-security.md).
trust
Pinned-root trust model for the registry index (audit C1).

Structs

Policy
Org policy governing what may be installed (docs/14-enterprise.md).

Functions

blake3_file
Stream a file through BLAKE3, returning lowercase hex.
sha256_file
Stream a file through SHA-256, returning lowercase hex.
verify_file
Verify a file against an expected checksum, fail-closed. Unknown algorithms are rejected (never silently passed). VTA-VRF-0001 on mismatch.