Confirm an attestation in your own browser.
Drag in an attestation and its pipeline-events.jsonl chain. The audit log is re-hashed with SHA-256, link by link, back to the GENESIS sentinel. No account. No upload.
Drop your attestation files here
attestation .json · chain pipeline-events.jsonl · optional .sigstore.json
Demo data is synthetic — no real paths, identities, or secrets.
Audit-chain integrity
Re-hashes every line and checks the links back to GENESIS. Proves the log was not edited.
Predicate equivalence
Confirms the signed payload is byte-for-byte the attestation you are holding.
Signature (Sigstore)
Cryptographic cert/Rekor verification is not done in-browser. Here is how to verify it for real.
What green means: the log is unaltered and internally consistent. Who it's from is proven only by the signature — and that is checked with cosign or occasio attest verify, not in this browser. Two green checks ≠ "trusted source."