Skip to main content

Everything you need to trust what you ship

ProvenanceOS gives security, legal, and engineering teams a single source of truth for software origin, dependency integrity, and policy compliance.

Scan intake is live now; AI-origin scoring, lineage, policy, and compliance reports are rolling out in phases. Each capability below is annotated with its rollout status.

AI-Origin Detection

Identify AI-generated code at the commit, file, and function level with confidence scores backed by statistical analysis.

  • Per-commit AI probability scores — rolling out
  • File and function-level attribution — rolling out
  • Model-family detection (GPT, Claude, Copilot, etc.) — rolling out
  • SBOM-level provenance metadata — coming at GA

Dependency Lineage

Map every package back to its source. Trace transitive dependencies through npm, PyPI, crates.io, Maven, and more.

  • Multi-ecosystem support (npm, PyPI, crates, Maven, Go, Ruby) — coming at GA
  • Transitive dependency resolution — coming at GA
  • Vulnerability correlation with NVD, GHSA, OSV — coming at GA
  • License compliance tracking — coming at GA

Policy Enforcement

Define provenance rules once and enforce them everywhere, with log, warn, block, or require-review actions in your CI/CD.

  • Centralized policy definitions — rolling out
  • GitHub Actions, GitLab CI, Jenkins integrations — coming at GA
  • Pre-merge blocking with override workflows — coming at GA
  • Audit trail for every policy decision — rolling out

Compliance Reporting

Generate evidence-ready reports for SOC 2, ISO 27001, NIST SSDF, and the EU AI Act without manual data wrangling.

  • Compliance exports (PDF, JSON, CSV) — rolling out
  • NIST SSDF (SP 800-218) mapping — rolling out
  • EU AI Act Article 9 risk classification — coming at GA
  • SOC 2 CC7.1 change-management evidence — rolling out

Real-Time Monitoring

Continuous monitoring of every repository, branch, and pull request, with alerts the moment provenance changes.

  • Webhook-driven ingestion — coming at GA
  • Slack, email, and PagerDuty alerts — coming at GA
  • Drift detection (when AI usage changes) — coming at GA
  • Historical timeline view per component — coming at GA

Enterprise Integrations

Plug into your existing stack. SAML SSO, audit log streaming, custom retention, and on-prem deployment options.

  • SAML 2.0 / OIDC SSO — coming at GA
  • Splunk, Datadog, and Snowflake log streams — coming at GA
  • SCIM user provisioning — coming at GA
  • Single-tenant VPC deployment — coming at GA

Ready to see it in action?

ProvenanceOS is rolling out in phases. Join the launch waitlist to be notified as AI-origin scoring, lineage, policy, and reports ship.

Get launch updates

We value your privacy

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies. Learn more