// artifact family
software supply chain forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- github actions artifact provenance forensic analyzer: drop github actions provenance attestation export · parse builder + materials + subject digest · runs locally
- npm package provenance attestation forensic analyzer: drop npm sigstore provenance bundle · parse publisher + build config + tarball digest · runs locally
- sigstore rekor transparency log forensic analyzer: drop rekor log entry export · parse uuid + integrated time + tlog index · runs locally
- slsa build provenance metadata forensic analyzer: drop slsa v1 provenance json · parse builder id + invocation + materials · runs locally
- dependency confusion package metadata forensic analyzer: drop registry metadata export corpus · detect internal name collisions + scope drift · runs locally
- container image sbom layer forensic analyzer: drop syft/cyclonedx sbom + layer manifest · parse package → layer mapping + base image chain · runs locally
- pypi release integrity forensic analyzer: drop pypi release metadata export · parse sdist/wheel hashes + yanked + maintainer timeline · runs locally
- maven central artifact signature forensic analyzer: drop maven artifact + asc signature export · parse gpg key id + signature validity hints · runs locally
- cargo crate yanked audit forensic analyzer: drop crates.io index audit export · parse yank reason + version timeline + owner changes · runs locally
- software supply chain typosquat cluster detector: drop package name corpus export · cluster levenshtein neighbors + publish burst patterns · runs locally