Reproducible identifiers & fine-grained build dependency tracking for software artifacts.

OmniBOR defines two key concepts, Artifact IDs and Input Manifests, that enable anyone to independently produce the same identifier for any software artifact, and to detect any artifact built with vulnerable inputs.

Artifact IDs

Reproducible identifiers based only on an artifact itself.

Learn more ↗

Input Manifests

Records of Artifact IDs for artifact build inputs.

Learn more ↗