Software Attestations

In 2022, the US government issued a memorandum requiring that all vendors it purchases software from comply with a set of rules introduced by the US National Institute of Standards and Technology (NIST). Along with SBOMs, attestations have become a widely discussed topic.

What is a software attestation?

A software attestation is a cryptographically signed statement about a software artifact or a collection of software artifacts. It is commonly used as a trust mechanism that lets a verifier independently validate the integrity of a claim the provider makes about the artifact, rather than taking the provider's word for it.