Prove where every release came from. Create a traceable scan record for repositories and archives today. Join early access for AI-origin evidence, dependency lineage, policy decisions, and audit-ready exports as each capability becomes available.
Provenance confidence
87%
Source provenance
Illustrative — rolling outTop evidence signals
Dependency lineage
Available now47 dependencies traced across npm + PyPI
3 known vulnerabilities matched (OSV.dev) · 1 high · 2 medium
Policy decision
Pass — 0 policy violations
Block critical-severity dependencies on release branches
Signed evidence ID
EV-2026-07-11-A1B2C3
2026-07-11T14:32:00Z
Availability
SOC 2 Ready
Built to SOC 2 controls — Type II certification in progress
AES-256
Encryption at rest
TLS 1.3
In transit
One platform for the four questions every security, legal, and engineering team needs answered before shipping.
Scan intake is live now. AI-origin scoring, stylometric evidence, and explainable confidence reports are being rolled out behind the queued analysis workflow.
Define provenance rules for review today, with automated log, warn, block, and require-review actions planned for the worker-backed policy phase.
Track repository and archive scan requests now. Transitive npm, PyPI, and Maven lineage graphs are scheduled for the analysis-worker phase.
Prepare evidence intake now. SOC 2, EU AI Act, GDPR, and HIPAA report generation will unlock once scan results are produced.
Workflow
From signed-in upload intake to queued analysis workflow, with generated results rolling out in phases.
Upload a small archive or submit a repository URL from the authenticated app. ProvenanceOS creates a durable queued scan job.
View your scan request, source metadata, and queued status while the static-analysis worker rollout continues.
AI-origin evidence, dependency lineage, policy evaluation, and compliance exports arrive as the worker-backed phases ship.
Questions? Talk to our team
See how ProvenanceOS traces code provenance from intake to audit
ProvenanceOS is rolling out in phases. Get launch updates as AI-origin scoring, lineage, policy, and compliance reports come online.