Everything you need to trust what you ship
ProvenanceOS gives security, legal, and engineering teams a single source of truth for software origin, dependency integrity, and policy compliance.
Scan intake is live now; AI-origin scoring, lineage, policy, and compliance reports are rolling out in phases. Each capability below is annotated with its rollout status.
AI-Origin Detection
Identify AI-generated code at the commit, file, and function level with confidence scores backed by statistical analysis.
- Per-commit AI probability scores — rolling out
- File and function-level attribution — rolling out
- Model-family detection (GPT, Claude, Copilot, etc.) — rolling out
- SBOM-level provenance metadata — coming at GA
Dependency Lineage
Map every package back to its source. Trace transitive dependencies through npm, PyPI, crates.io, Maven, and more.
- Multi-ecosystem support (npm, PyPI, crates, Maven, Go, Ruby) — coming at GA
- Transitive dependency resolution — coming at GA
- Vulnerability correlation with NVD, GHSA, OSV — coming at GA
- License compliance tracking — coming at GA
Policy Enforcement
Define provenance rules once and enforce them everywhere, with log, warn, block, or require-review actions in your CI/CD.
- Centralized policy definitions — rolling out
- GitHub Actions, GitLab CI, Jenkins integrations — coming at GA
- Pre-merge blocking with override workflows — coming at GA
- Audit trail for every policy decision — rolling out
Compliance Reporting
Generate evidence-ready reports for SOC 2, ISO 27001, NIST SSDF, and the EU AI Act without manual data wrangling.
- Compliance exports (PDF, JSON, CSV) — rolling out
- NIST SSDF (SP 800-218) mapping — rolling out
- EU AI Act Article 9 risk classification — coming at GA
- SOC 2 CC7.1 change-management evidence — rolling out
Real-Time Monitoring
Continuous monitoring of every repository, branch, and pull request, with alerts the moment provenance changes.
- Webhook-driven ingestion — coming at GA
- Slack, email, and PagerDuty alerts — coming at GA
- Drift detection (when AI usage changes) — coming at GA
- Historical timeline view per component — coming at GA
Enterprise Integrations
Plug into your existing stack. SAML SSO, audit log streaming, custom retention, and on-prem deployment options.
- SAML 2.0 / OIDC SSO — coming at GA
- Splunk, Datadog, and Snowflake log streams — coming at GA
- SCIM user provisioning — coming at GA
- Single-tenant VPC deployment — coming at GA
Ready to see it in action?
ProvenanceOS is rolling out in phases. Join the launch waitlist to be notified as AI-origin scoring, lineage, policy, and reports ship.
Get launch updates