
Today we are proud to announce that two leading Open Source projects, Home Assistant and AlmaLinux, are now providing independent cryptographic validation services for CAS, our community attestation service.
When we launched CAS, the fully free and open source community attestation service, we had a bright vision: to help ensure that open source developers around the world would be able to easily provide supply chain security for their projects. We've seen adoption by some of today's leading Open Source projects, including Home Assistant and AlmaLinux, and started thinking about what further layers we could add to increase the security and transparency of CAS.
In addition to preserving your privacy by never uploading your data, only the unique digital hash, CAS is backed by immudb, the open source immutable database, which ensures that all the data in CAS cannot be tampered with. This is done via cryptographic proofs which can be verified by any client anywhere. These new cryptographic validation services run totally independently of the CAS service, at the respective projects, and periodically fetch a fresh state from the immudb instance on which CAS is built. They then verify its integrity against an older state stored locally: the validation service checks whether the previous state is “included” in the new state of immudb. A REST service then lets users query the validation status via the Web UI, which visualizes the data, including the latest proof value.
Having two independent validators at two separate projects allows anyone to check them against each other and verify the consistency of the data that is being provided.
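The "previous state is included in the new state" check can be illustrated with an append-only Merkle log. The sketch below is an added example, not code from CAS, immudb or either validator: it assumes an RFC 6962-style consistency proof as a stand-in for immudb's own proof format, and all function names are hypothetical.

```python
import hashlib

# Assumption: an RFC 6962-style Merkle log stands in for immudb's own proof format.
def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def split(n):  # largest power of two strictly below n (n >= 2)
    return 1 << ((n - 1).bit_length() - 1)

def root(entries):
    if len(entries) == 1:
        return hashlib.sha256(b"\x00" + entries[0]).digest()
    k = split(len(entries))
    return node(root(entries[:k]), root(entries[k:]))

def prove(m, entries, whole=True):  # log side: first m entries are a prefix
    if m == len(entries):
        return [] if whole else [root(entries)]
    k = split(len(entries))
    if m <= k:
        return prove(m, entries[:k], whole) + [root(entries[k:])]
    return prove(m - k, entries[k:], False) + [root(entries[:k])]

def rebuild(m, n, path, whole, old_root):  # -> (old root, new root) of subtree
    if m == n:
        h = old_root if whole else path.pop()
        return h, h
    k, sibling = split(n), path.pop()
    if m <= k:
        old, new = rebuild(m, k, path, whole, old_root)
        return old, node(new, sibling)
    old, new = rebuild(m - k, n - k, path, False, old_root)
    return node(sibling, old), node(sibling, new)

def verify(stored, fresh, proof):  # validator side: states are (size, root)
    (m, old_root), (n, new_root) = stored, fresh
    if not 0 < m <= n:  # empty or rolled-back log
        return False
    path = list(proof)
    try:
        old, new = rebuild(m, n, path, True, old_root)
    except IndexError:  # proof too short
        return False
    return not path and old == old_root and new == new_root

def demo():  # constructed sample: state stored at size 5, log grown to 8
    log = [b"entry-%d" % i for i in range(8)]
    return verify((5, root(log[:5])), (8, root(log)), prove(5, log))
```

The validator only ever holds the `(size, root)` pair it stored earlier; a log whose history was rewritten cannot produce a proof that reproduces both that stored root and the freshly fetched one.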
If you’re an open source developer and are serious about the security of your project, please check out CAS and give it a try. If you’d like any help integrating CAS into your project, feel free to stop by the CAS Discord Server to chat with us!