vanta-security — verification and policy (the fail-closed gate).
Provides the checksum gate (SHA-256 / BLAKE3), Ed25519/minisign signature
verification (see sign), and the organization policy model. An artifact
that fails any required check is rejected rather than trusted. See
docs/15-security.md and docs/21-threat-model.md.
Re-exports§
pub use sign::minisign_verify;
pub use sign::parse_minisign_pubkey;
pub use sign::MinisignKey;
Modules§
- sign: Minisign (Ed25519) signature verification (docs/15-security.md).
- trust: Pinned-root trust model for the registry index (audit C1).
Structs§
- Policy: Org policy governing what may be installed (docs/14-enterprise.md).
Functions§
- blake3_file: Stream a file through BLAKE3, returning lowercase hex.
- sha256_file: Stream a file through SHA-256, returning lowercase hex.
- verify_file: Verify a file against an expected checksum, fail-closed. Unknown algorithms are rejected (never silently passed). VTA-VRF-0001 on mismatch.