Skip to content
@getprovenant

Provenant

Open-source ecosystem for software provenance, license & copyright compliance, and SBOMs.

Provenant

The open-source ecosystem for software provenance, license & copyright compliance, and SBOMs.

This organization is the home of Provenant — open-source tooling for understanding what is really inside your software and its supply chain: the licenses, copyrights, package metadata, dependencies, and provenance behind everything you ship.

At its heart is a fast, Rust-based scanner, with the pieces built around it to run the same scans everywhere — on your machine, in CI, in containers, and through your package manager. Everything here follows one principle: results should be accurate, explainable, safely bounded, and fast enough to run anywhere.

In this organization

  • provenant — the core scanner: a CLI, an HTTP service, and an embeddable Rust library. Apache-2.0.
  • provenant-action — the official GitHub Action for running Provenant scans in your CI workflows.
  • homebrew-tap — the Homebrew tap for installing Provenant on macOS and Linux.

Install & run

Channel Get started
Cargo cargo install provenant-cli
Homebrew brew install getprovenant/tap/provenant
Container docker run -v "$PWD:/src" ghcr.io/getprovenant/provenant scan /src --json-pp -
GitHub Actions uses: getprovenant/provenant-action@v1
Binaries Prebuilt archives on the releases page

Start with the main repository for documentation, usage, and the output schema.

Pinned Loading

  1. provenant provenant Public

    Fast Rust scanner for licenses, copyrights, package metadata, SBOMs, and provenance data.

    Rust 36 6

Repositories

Showing 4 of 4 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…