Free for the Community, Built by JFrog: Introducing the DSSE Attestation Online Decoder

Attestations play a crucial role in ensuring software supply chain security, but the process of verifying these attestations can be cumbersome without the right tools. JFrog has introduced a free DSSE Attestation Online Decoder, aimed at simplifying the verification of DSSE (Dead Simple Signing Envelope) envelopes, a standard JSON format for attesting software supply chain security. The tool allows users to easily decode and verify DSSE envelopes by pasting the JSON and, if desired, a public key for signature verification, making the evidence payload human-readable within seconds. This innovation supports compliance with global regulations and enhances workflows related to SLSA provenance, in-toto verification, and Sigstore, while also integrating with JFrog's automated evidence collection for governance, risk, and compliance efforts.