Show HN: ISC Core – Deterministic CI Artifact Attestation(github.com)

1 pointby arekon_553 hours ago1 comment

arekon_553 hours ago
Author here.
ISC Core enforces deterministic artifact verification at the CI boundary. If canonicalization drifts or hashes change, promotion is blocked.
Quick start is in the README (60-second verification) and verification works fully offline.
I’d especially appreciate critical feedback on the threat model and integrity boundaries.
- arekon_552 hours ago
  "Let me explain what this actually solves: You merge a PR. CI passes. You deploy. Three days later someone asks 'was this build identical to what was tested?' You have no answer. ISC Core gives you that answer. Every artifact gets a hash at the CI boundary. If anything drifts — canonicalization, policy, anything — promotion is blocked before it hits prod. 60 seconds to verify. Works offline. No vendor dependency. What problem are you solving around build reproducibility right now?"