This repository contains the source code for scitt-ccf-ledger, an application that runs on top of CCF implementing draft standards developed within the IETF SCITT WG. Its purpose is to provide provenance for artefacts in digital supply chains, increasing trust in those artefacts. scitt-ccf-ledger achieves this by allowing signed claims about artefacts to be submitted to a secure immutable ledger, and returning receipts which prove claims have been stored and registration policies applied.
This research project is at an early stage and is open sourced to facilitate academic collaborations. We are keen to engage in research collaborations on this project, please do reach out to discuss this by opening an issue.
The instructions below guide you through building and deploying a local instance of scitt-ccf-ledger for development and testing purposes.
Being a CCF application, scitt-ccf-ledger runs in SGX enclaves. However, for testing purposes, it also supports running on non-SGX hardware in what is called virtual mode.
All instructions below assume Linux as the operating system.
Use the following commands to start a single-node CCF network with the scitt-ccf-ledger application setup for development purposes.
PLATFORM should be set to
virtual to select the type of build.
The node is now reachable at https://127.0.0.1:8000/.
run-dev.sh configures the network in a way that is not suitable for production, in particular it generates an ad-hoc governance member key pair and it disables API authentication.
demo/ folder on how to interact with the application.
Official Github: https://github.com/microsoft/scitt-ccf-ledger