Colofon
UK SSCoP · EU CRA · US NIST SSDF · verifiable in any browser

Prove compliance.
Publish nothing.

Prove your releases comply with UK SSCoP, EU CRA, DORA and NIST SSDF without handing over the evidence. Colofon keeps the moving parts current: policy sets, vendor tracking, audit archive. When supply-chain guidance shifts overnight, your next release is already aligned. Your SBOM, builder identities, customer list and incident contents never leave your network.

5 verifiable claims
build provenance · dev authorisation · SBOM hygiene · incident SLA · policy composition
~184 KB bundle
verifies in any browser, no server round-trip
Managed policy sets
updated as regulators and threats move
A Colofon bundle
colofon-bundle · your-artefact@v1.2.0
verified · 412 ms
Subject · your-artefact_1.2.0_linux_amd64.tar.gz
binary_digest
sha256 bound as BN254-Fr high/low
verified
approved_builder_root
Merkle root over authorised Fulcio SAN set
verified
authorised_signer_root
Merkle root over authorised commit-signer set
verified
cve_non_membership
no component above buyer threshold · OSV-anchored
verified
notification_sla_window
DKIM-signed notifications within SLA
verified
circuit.bytecodeHash
ACIR pin · no silent bytecode swap
verified
proof_system    UltraHonk · @aztec/bb.js 4.1.3
composition     colofon_policy_composition
verify_surface  verify.colofon.tech
Anchored to ↘
Sigstore
SLSA
CycloneDX
OSV.dev
DKIM · RFC 6376
GitHub Actions
§01
The compliance trust gap
Today you have two options. Neither works.
Option A
Tick the box.
Your buyer has no cryptographic way to check what you signed. Every recent major supply-chain compromise — XZ Utils, polyfill.io, 3CX, SolarWinds — ran against vendors whose paperwork said the boxes were ticked.
Unverifiable.
Option B
Hand over the evidence.
SBOM, attestation bundles, scan results, patch timeline, notification log. Your buyer can finally verify. You have just exposed an attack-surface map, your dependency IP, your release-manager identities, your customer list and your CVE embargo state. Disclosed once, that list is a durable briefing document — machine-readable, re-usable, and cheap to turn into a targeting plan at any later date.
Contractually forbidden for most defence, FCA-regulated fintech, closed-source ISV and medical-device vendors.
Colofon produces cryptographic proof of the specific claims, and nothing else.
Zero-knowledge circuits over signed evidence. The buyer gets the claim. The proof carries nothing an adversary can repurpose.
§02
How it works
Attest. Prove. Verify.
1
Attest
Your existing CI
Nothing new upstream. Keep using actions/attest-build-provenance (or equivalent) to produce a Sigstore / SLSA DSSE bundle. Keep using gitsign for commits, cosign for SBOMs, and whatever mail provider DKIM-signs your customer notifications.
# the calling job needs permissions id-token: write (Sigstore OIDC identity)
# and attestations: write (to persist the attestation)
- uses: actions/attest-build-provenance@v1
  id: attest
  with:
    subject-path: dist/your-artefact.tar.gz
2
Prove
colofon-agent
The Colofon GitHub Action reads your signed inputs and generates zero-knowledge proofs for each in-scope claim. Proofs compose into a single bundle that commits to the exact circuit bytecode, so nothing silently changes underneath.
# consumes the DSSE bundle path emitted by the attest step above
- uses: colofonhq/colofon-agent@v1
  with:
    attestation-bundle: ${{ steps.attest.outputs.bundle-path }}
    approved-builders-file: .colofon/builders.txt
    sbom-path: dist/sbom.cdx.json
3
Verify
verify.colofon.tech
The buyer drops the bundle into the browser verifier. Verification runs locally; the proof never leaves the tab. The buyer sees a list of cryptographically-attested claims, and nothing the proof doesn't explicitly reveal.
drop colofon-bundle.json
→ load ACIR · pin bytecodeHash
→ UltraHonk verify (local)
→ ✓ binary_digest · builder_root · signer · cve · sla
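The three steps above wired into a single workflow, as an added example rather than Colofon's own workflow file. Only the two `uses:` steps shown on this page are taken from it; the tag trigger, the `make dist` build step (assumed to write dist/your-artefact.tar.gz and dist/sbom.cdx.json), and the artefact upload path are assumptions. The `permissions` block is what actions/attest-build-provenance needs to obtain a Sigstore identity and persist the attestation.

```yaml
# Added example, not Colofon's workflow. See the lead-in for what is assumed.
name: release
on:
  push:
    tags: ["v*"]

permissions:
  contents: read
  id-token: write      # OIDC token that Fulcio turns into the builder identity
  attestations: write  # lets attest-build-provenance persist the attestation

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumption: your build produces the artefact and a CycloneDX SBOM
      - name: Build artefact and SBOM
        run: make dist

      # Step 1 (Attest): Sigstore / SLSA DSSE bundle for the artefact
      - uses: actions/attest-build-provenance@v1
        id: attest
        with:
          subject-path: dist/your-artefact.tar.gz

      # Step 2 (Prove): zero-knowledge proofs over the signed inputs
      - uses: colofonhq/colofon-agent@v1
        with:
          attestation-bundle: ${{ steps.attest.outputs.bundle-path }}
          approved-builders-file: .colofon/builders.txt
          sbom-path: dist/sbom.cdx.json

      # Step 3 (Verify) happens in the buyer's browser; publish the bundle so
      # they can fetch it. Assumption: the agent writes colofon-bundle.json to
      # the workspace root; check the action's own docs for the real path.
      - uses: actions/upload-artifact@v4
        with:
          name: colofon-bundle
          path: colofon-bundle.json
```

Nothing in the uploaded bundle is the SBOM, the attestation payload or the builder list; those stay in the runner's workspace and only the proof leaves it.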
§03
The five claims
Named claims. Signed inputs. Private witness.
A claim earns an in-circuit proof only when a trusted signed input exists upstream and the raw evidence cannot be published. Everything else ships as a plain signed attestation.
Signed input
CycloneDX SBOM · OSV.dev snapshot · purl-canonicalised
Stays private
the SBOM itself · your dependency tree
Example claim
"No dependency in this release has an unpatched Critical CVE older than 30 days."
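The example claim above, written out as the plain (non-zero-knowledge) check that a `cve_non_membership` circuit would have to encode: canonicalise the purls so SBOM components and advisory keys compare equal, then look for any component carrying an advisory at or above the severity threshold that is older than the age window. This is an added example, not Colofon's circuit or policy code; the SBOM components, the OSV-style snapshot, the advisory ids and the snapshot date are all constructed, and the purl canonicalisation is a deliberate simplification covering npm and PyPI only.

```python
from datetime import date
from typing import Dict, List, Tuple

# Added example, not Colofon's code. Plain-Python form of the cve_non_membership
# check; all data below is constructed and not a real SBOM or OSV record.

SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def canonical_purl(purl: str) -> str:
    """Minimal purl canonicalisation so SBOM and advisory keys compare equal.

    Covers the cases that cause silent misses in practice: the type is
    case-insensitive, npm names are lowercase, PyPI names are lowercase with
    '_' folded to '-'. Other types pass through unchanged (a simplification).
    """
    scheme, rest = purl.split(":", 1)
    ptype, _, remainder = rest.partition("/")
    ptype = ptype.lower()
    if ptype in ("npm", "pypi"):
        name, sep, version = remainder.rpartition("@")
        if not sep:                      # no version present
            name, version = remainder, ""
        name = name.lower()
        if ptype == "pypi":
            name = name.replace("_", "-")
        remainder = name + ("@" + version if sep else "")
    return f"{scheme.lower()}:{ptype}/{remainder}"


# Constructed CycloneDX-style component list (the part of an SBOM the check needs)
SBOM_COMPONENTS: List[Dict[str, str]] = [
    {"purl": "pkg:npm/left-pad@1.3.0"},
    {"purl": "pkg:PyPI/Requests@2.31.0"},          # mixed case on purpose
    {"purl": "pkg:golang/golang.org/x/net@v0.7.0"},
]

# Constructed OSV-style snapshot keyed by canonical purl; ids are placeholders
OSV_SNAPSHOT: Dict[str, List[Dict[str, str]]] = {
    "pkg:npm/left-pad@1.3.0": [
        {"id": "EXAMPLE-0001", "severity": "CRITICAL", "published": "2026-02-01"},
    ],
    "pkg:pypi/requests@2.31.0": [
        {"id": "EXAMPLE-0002", "severity": "CRITICAL", "published": "2026-01-02"},
    ],
    "pkg:golang/golang.org/x/net@v0.7.0": [
        {"id": "EXAMPLE-0003", "severity": "HIGH", "published": "2025-12-01"},
    ],
}
SNAPSHOT_DATE = date(2026, 2, 15)  # constructed timestamp of the OSV snapshot


def evaluate_cve_claim(components, snapshot, as_of, min_severity="CRITICAL", max_age_days=30):
    """Return every (purl, advisory id, age in days) that breaks the claim.

    The claim holds iff the list is empty: no component still in the release
    (hence unpatched) carries an advisory at or above `min_severity` that was
    published more than `max_age_days` before the snapshot date.
    """
    threshold = SEVERITY_RANK[min_severity.upper()]
    violations: List[Tuple[str, str, int]] = []
    for component in components:
        purl = canonical_purl(component["purl"])
        for advisory in snapshot.get(purl, []):
            if SEVERITY_RANK[advisory["severity"].upper()] < threshold:
                continue
            age = (as_of - date.fromisoformat(advisory["published"])).days
            if age > max_age_days:
                violations.append((purl, advisory["id"], age))
    return violations


def claim_holds(components, snapshot, as_of, **policy) -> bool:
    """True when the buyer's threshold is met for every component."""
    return not evaluate_cve_claim(components, snapshot, as_of, **policy)


if __name__ == "__main__":
    for purl, advisory_id, age in evaluate_cve_claim(SBOM_COMPONENTS, OSV_SNAPSHOT, SNAPSHOT_DATE):
        print(f"violation: {purl} {advisory_id} ({age} days old)")
```

On the constructed data the claim fails: `requests` carries a Critical advisory 44 days old, while `left-pad`'s Critical advisory is only 14 days old and `x/net`'s is High, so neither counts under a Critical/30-day policy. Note that the check never needs the SBOM's full dependency tree, only the component purls and the snapshot, which is exactly the witness the circuit keeps private.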
§04
Trust model
Anchored to public transparency logs. Vendor signatures are never the root.
Every signed input descends from a public transparency log: Sigstore Rekor, OSV.dev, DKIM. The verifier reads the current upstream state and composes its inclusion proof against it. “Trust the vendor” is never a step in the chain. The proof carries the claim; nothing in the proof trains an attacker.
Tier 1 · Sigstore-provenance verified
Rekor inclusion proof over a publisher-signed attestation.
Tier 2 · Registry integrity hash
Verifiable via HTTPS, not Merkle-anchored.
Tier 3 · Vendor-attested fallback
Weakest tier. Composed into coverage ratio, never hidden.
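Two of the bundle's claims rest on the same construction as the Rekor inclusion proof described above: `approved_builder_root` and `authorised_signer_root` are Merkle roots over an authorised identity set, and a prover shows one identity is in the set with a sibling path rather than by publishing the set. The `binary_digest` entry shows the other routine piece, binding a 256-bit sha256 digest to a BN254 scalar field whose elements are only about 254 bits wide. The code below is an added example and not Colofon's circuit code: it assumes sha256 with RFC 6962-style leaf/node domain separation, a 128/128-bit high/low limb split, and the three Fulcio-style GitHub workflow SANs are constructed sample values.

```python
import hashlib
from typing import List, Tuple

# Added example, not Colofon's code. Hash, domain separation and limb split are
# assumptions made here; the real circuit's layout is not on this page.

# Order r of the BN254 scalar field that UltraHonk circuits compute over
BN254_FR = 21888242871839275222246405745257275088548364400416034343698204186575808495617

# Constructed sample Fulcio SANs (GitHub Actions workflow identities), not a real set
APPROVED_BUILDERS = [
    "https://github.com/example-org/your-artefact/.github/workflows/release.yml@refs/tags/v1.2.0",
    "https://github.com/example-org/your-artefact/.github/workflows/release.yml@refs/heads/main",
    "https://github.com/example-org/infra/.github/workflows/build.yml@refs/heads/main",
]


def digest_to_field_limbs(digest: bytes) -> Tuple[int, int]:
    """Split a 32-byte sha256 digest into (high, low) 128-bit integers.

    A 256-bit digest does not fit in one field element below r, so the
    circuit binds it as two limbs; each limb is < 2**128 and therefore < r.
    """
    if len(digest) != 32:
        raise ValueError("expected a 32-byte sha256 digest")
    high = int.from_bytes(digest[:16], "big")
    low = int.from_bytes(digest[16:], "big")
    assert high < BN254_FR and low < BN254_FR
    return high, low


def _leaf(identity: str) -> bytes:
    return hashlib.sha256(b"\x00" + identity.encode("utf-8")).digest()


def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _layers(identities: List[str]) -> List[List[bytes]]:
    """All tree layers bottom-up; the set is sorted so the root is canonical."""
    layer = [_leaf(i) for i in sorted(set(identities))]
    layers = [layer]
    while len(layer) > 1:
        if len(layer) % 2:               # odd layer: duplicate the last node
            layer = layer + [layer[-1]]
        layer = [_node(layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
        layers.append(layer)
    return layers


def merkle_root(identities: List[str]) -> bytes:
    """The value that is committed to publicly (approved_builder_root)."""
    return _layers(identities)[-1][0]


def membership_proof(identities: List[str], identity: str) -> List[Tuple[bytes, bool]]:
    """Sibling path for `identity` as (sibling_hash, sibling_is_on_the_right)."""
    layers = _layers(identities)
    index = sorted(set(identities)).index(identity)   # ValueError if not authorised
    path = []
    for layer in layers[:-1]:
        if len(layer) % 2:
            layer = layer + [layer[-1]]
        sibling = index ^ 1
        path.append((layer[sibling], sibling > index))
        index //= 2
    return path


def verify_membership(root: bytes, identity: str, path: List[Tuple[bytes, bool]]) -> bool:
    """Recompute the root from one identity and its path; the set is never needed."""
    node = _leaf(identity)
    for sibling, sibling_right in path:
        node = _node(node, sibling) if sibling_right else _node(sibling, node)
    return node == root


if __name__ == "__main__":
    root = merkle_root(APPROVED_BUILDERS)
    path = membership_proof(APPROVED_BUILDERS, APPROVED_BUILDERS[0])
    print("root:", root.hex(), "path length:", len(path))
    print("member verifies:", verify_membership(root, APPROVED_BUILDERS[0], path))
    print("limbs:", digest_to_field_limbs(hashlib.sha256(b"your-artefact").digest()))
```

In this plain form the verifier still sees the one identity whose path it checks. Inside the circuit that identity and its path become private witness and only the root is a public input, which is how the builder identity itself, not just the rest of the set, stays in the vendor's network.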
§04b
Posture
What Colofon does not do.
We do not see your SBOMs, attestations, commit history, customer list or incident contents. Witnesses are built client-side.
We do not re-host your signed inputs. Colofon reads what Sigstore, OSV and your mail provider already publish.
We do not run blockchain infrastructure. No token, no chain, no custody.
We do not yet have an independent cryptographic audit. One is in progress; the whitepaper is the current reference.
§05
The continuous layer
Compliance, kept current.
No vendor black box: your buyers’ security team can audit the cryptographic tooling independently. The work that has to stay current — policy sets, vendor tracking, audit archive — is the subscription. When an incident like XZ Utils or polyfill.io rewrites the approved-builder list overnight, your next release is already aligned.
01
Policy sets
Named, versioned rulebooks for the frames your buyers demand.
UK-Defence-Baseline-v2026.Q2 pins the approved-builder tree, the CVE severity and age thresholds, the incident-notification SLA, the DKIM domain list. Your agent pulls the current version; your proofs commit to it. We ship updates quarterly and whenever a regulator moves, so when CRA reporting kicks in on 11 September 2026, your next release is already aligned.
UK SSCoP · NCSC / DSIT
EU CRA · Art. 13 + 14
EU DORA · ICT risk + third-party
US NIST SSDF · SP 800-218
02
Buyer dashboard
One place to see whether your supply chain is currently compliant.
Your procurement or security team adds vendors, subscribes to policy sets, and receives bundles on every release. The dashboard surfaces expiring certificates, policy drift, and which vendors are currently passing. An audit trail is produced on demand when a regulator asks.
Vendor-by-vendor status
Policy-version drift alerts
Audit-ready archive
Export to your GRC tool
03
Hosted prover
Proving that runs outside your CI.
Proving an aggregated bundle takes minutes. Hand it off to Colofon’s hosted prover and your CI stays fast. Witness material is decrypted only inside an ephemeral prover instance, the proof is returned, the witness is destroyed. If that isn’t acceptable for your data-handling policy, the prover runs in your own infrastructure with identical results.
Per-proof pricing
Ephemeral witness handling
Self-host fallback included
§06
Regulatory alignment
One bundle. Four regulatory frames.
UK SSCoP
Software Security Code of Practice
DSIT / NCSC
Build provenance, developer authorisation, SBOM hygiene, incident-notification SLA, all verifiable to a buyer without disclosing evidence.
EU CRA
Cyber Resilience Act
Art. 13 SBOM · Art. 14 vuln reporting
Your SBOM exists and contains no unpatched CVEs above the buyer's threshold, without the SBOM leaving your network.
EU DORA
Digital Operational Resilience Act
ICT risk · third-party reporting
The same provenance and SBOM-hygiene claims, framed for financial entities and their ICT suppliers.
US NIST SSDF
Secure Software Development Framework
SP 800-218 · PS.1 · PS.2 · PW.4.5 · RV.1
Signed commits, build provenance, vulnerability-remediation evidence, without disclosing developer identities or the attestation payload.
Compliance you can prove.
Posture we keep current.
When DORA tightens an SLA or the next XZ Utils-style compromise rewrites the approved-builder list, your next release is already aligned. Colofon runs the policy set, the vendor tracking and the audit archive. Your witness material stays in your network; your buyers verify in any browser.