Product Information
What is OSS Rebuild?
OSS Rebuild secures the open-source package ecosystem by initiating, verifying, and enhancing build proofs. It aims to apply the concept of reproducible builds to the open-source package ecosystem in a cost-effective and scalable manner.
Rebuilds are derived by analyzing published metadata and artifacts, and are evaluated against the upstream package versions. When a rebuild succeeds, a build proof for the upstream artifact is published, verifying the integrity of the upstream artifact and eliminating many potential sources of compromise.
We currently support the following ecosystems:
- NPM (JavaScript/TypeScript)
- PyPI (Python)
- Crates.io (Rust)
While the goal is full coverage, currently only the most popular packages in each ecosystem are being rebuilt.
How to use OSS Rebuild?
OSS Rebuild protects the open-source software package ecosystem by generating, verifying, and enhancing build proofs, aiming to achieve reproducible builds at low cost and large scale.
Core Functions of OSS Rebuild
- Security-focused
- CI/CD
- NPM
Usage Scenarios of OSS Rebuild
- Protect open-source packages in the NPM (JavaScript/TypeScript) ecosystem
- Protect open-source packages in the PyPI (Python) ecosystem
- Protect open-source packages in the Crates.io (Rust) ecosystem
- Verify the integrity of upstream artifacts
- Eliminate many potential sources of compromise