Note
uds-package-archivista is only a Bronze package and currently only provides a public Archivista instance. If you would like to improve the package we welcome PRs! (see Contributing below)
This package is designed for use as part of a UDS Software Factory bundle deployed on UDS Core.
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts. Archivista enables you to store and retrieve in-toto attestations, query for relationships between attestations, and validate Witness policy without the need to manually list expected attestations.
Archivista requires a Postgres database and S3 Compatible object storage. You can learn more about configuring these and other options in the configuration documentation.
The released packages can be found in ghcr.
*For local dev, this requires you install uds-cli
✅ Tip: To get a list of tasks to run you can use
uds run --list!
Please see the CONTRIBUTING.md
When developing this package it is ideal to utilize the json schemas for UDS Bundles, Zarf Packages and Maru Tasks. This involves configuring your IDE to provide schema validation for the respective files used by each application. For guidance on how to set up this schema validation, please refer to the guide in uds-common.