CCF-Based SCITT Ledger: Ensuring Supply Chain Integrity
This repository contains the source code for scitt-ccf-ledger, an application that runs on top of CCF implementing draft standards developed within the IETF SCITT WG. Its purpose is to provide provenance for artefacts in digital supply chains, increasing trust in those artefacts. scitt-ccf-ledger achieves this by allowing signed claims about artefacts to be submitted to a secure immutable ledger, and returning receipts which prove claims have been stored and registration policies applied.
This research project is at an early stage and is open sourced to facilitate academic collaborations. We are keen to engage in research collaborations on this project, please do reach out to discuss this by opening an issue.
Getting Started
The instructions below guide you through building and deploying a local instance of scitt-ccf-ledger for development and testing purposes.
Being a CCF application, scitt-ccf-ledger runs in SGX enclaves. However, for testing purposes, it also supports running on non-SGX hardware in what is called virtual mode.
All instructions below assume Linux as the operating system.
Using Docker
Use the following commands to start a single-node CCF network with the scitt-ccf-ledger application setup for development purposes.
Note: PLATFORM should be set to sgx or virtual to select the type of build.
export PLATFORM=<sgx|virtual>
./docker/build.sh
./docker/run-dev.sh
The node is now reachable at https://127.0.0.1:8000/.
Note that run-dev.sh configures the network in a way that is not suitable for production, in particular it generates an ad-hoc governance member key pair and it disables API authentication.
See the demo/ folder on how to interact with the application.
Download Details:
Author: Microsoft
Official Github: https://github.com/microsoft/scitt-ccf-ledger
License: MIT
