Open Source · Apache 2.0

Ground your infrastructure.
Attest your controls.
Qualify your people.
Vet your software.

A suite of open-source tools for deploying, enforcing, proving compliance, and verifying software supply chains in AWS Secure Research Environments.

# 1. deploy correct foundations
ground deploy --config ground.yaml
✓ Organization provisioned
# 2. compile and enforce controls
attest init && attest compile && attest apply
✓ 110 controls — 9 enforced, 21 partial, 80 AWS-covered
# 3. scan and generate evidence
attest scan && attest generate ssp
✓ Compliant — SSP generated from live state

The Provabl Suite

Four tools, one compliance loop — over a shared attestation kernel. Each has exactly one job.

Infrastructure
ground

Deploy a correctly-configured AWS organization foundation. Makes zero compliance claims — attest scan does that.

  • Account structure: management, security, network, workload OUs
  • Transit Gateway, VPCs, VPC endpoints with org conditions
  • GuardDuty, Security Hub, Macie — on by default
  • Permission boundaries that actually restrict (Deny-scoped)
  • Tagging SCPs with per-tag OR logic

Compliance
attest

Compile frameworks into deployed policy artifacts. Enforce continuously. Generate audit evidence from live AWS state.

  • CMMC L1/L2/L3, HIPAA, FedRAMP, NIH, ITAR, GDPR
  • Compiles to SCPs, Cedar policies, AWS Config rules
  • Continuous Cedar PDP enforcement via EventBridge
  • Generates SSP, OSCAL, SPRS, DMSP from live state
  • AI navigator surfaces obligations before they become violations

People
qualify

Train and qualify users before granting access. Completion writes IAM role tags that Cedar evaluates in real time.

  • CUI, HIPAA, FERPA, ITAR, data classification modules
  • Writes attest:* IAM tags — Cedar-evaluable immediately
  • Training expiry tracking, automated access revocation
  • NIH NOT-OD-26-017 research security training
  • Lab onboarding wizard with project context capture

Software
vet

Verify software artifacts before they access sensitive data. Where qualify qualifies the person, vet qualifies the software.

  • Sign artifacts via Sigstore keyless signing (cosign)
  • Verify SLSA provenance — minimum level configurable
  • Generate and attest SBOMs (SPDX/CycloneDX via syft)
  • Write Cedar workload attributes for attest's Cedar PDP
  • CI/CD gate: block unverified workloads from CUI data access

The Foundation Beneath the Suite

The four tools gather and appraise evidence through one shared kernel — and the runtime itself is attested.

Attestation kernel
evidence

A policy decision point answers "is this allowed?" — not "is this fact true, and how do I know?" evidence is the layer that answers the second question. It is the Copland attestation model — terms, typed evidence, appraisal, freshness — in Go, sitting one layer below Cedar. Each tool registers as one (ASP, appraiser) pair; appraisal produces a verdict, and Cedar acts on it. The two never merge.

  • Appraised, fresh facts — not bare, forgeable assertions
  • Challenge/response freshness spine (nonce + signature) in the kernel
  • One lowering path to Cedar attributes — surfaces overall pass as attested
  • vet, qualify & attest each become a registered evidence provider
  • attest stays the decision point — it consumes the kernel, never absorbs it

Runtime attestation
nitro

The other layers attest config, software, and people — nitro attests the runtime: proving the node about to touch sensitive data is a known-good AWS Nitro Enclave. It verifies the enclave's signed attestation document through the kernel and writes the result where the suite already reads it.

  • Verifies COSE/CBOR Nitro attestation docs to the embedded AWS Nitro root
  • Native nonce binding + PCR policy via the evidence kernel
  • Writes .nitro/attestation.json → attest's context.platform.*
  • Tags the role attest:nitro-attested → ground's IAM SCP gates on it
  • The producer that closes the runtime-attestation loop end to end
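The kernel and nitro sections above describe one flow: the verifier issues a nonce, a registered producer (the ASP) binds it into signed evidence, the appraiser checks authenticity, freshness and a PCR policy, and only the overall verdict is lowered into Cedar attributes and the attest:nitro-attested role tag. The Go below is an added illustration of that flow, not code from the Provabl suite. Its assumptions: the Evidence struct is a hypothetical shape; ed25519 stands in for whatever signature scheme the kernel uses; the PCR values are constructed; the context.platform.* key names are guessed; and the real work of parsing the COSE/CBOR document and chaining it to the AWS Nitro root is assumed to have happened in a library before this step, so it is not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"strings"
	"time"
)

// Evidence is what a registered provider (the ASP half of the pair) hands to the kernel.
// Hypothetical field set for this example; the suite's real evidence types are not shown on the page.
type Evidence struct {
	Provider string    // registered provider name, e.g. "nitro"
	Nonce    []byte    // the verifier's challenge, bound into the signed bytes
	IssuedAt time.Time // producer's signing time, checked against the freshness window
	PCRs     []string  // measurements (hex), index i = PCRi as a Nitro document reports them
	Sig      []byte    // ed25519 signature over Canonical()
}

// Canonical renders the signed portion deterministically so producer and appraiser verify identical bytes.
func (e Evidence) Canonical() []byte {
	return []byte(fmt.Sprintf("%s|%x|%d|%s", e.Provider, e.Nonce, e.IssuedAt.Unix(), strings.Join(e.PCRs, ",")))
}

// Verdict is the appraisal result Cedar later acts on; the kernel itself never decides access.
type Verdict struct{ Pass bool; Reason string }

// Appraiser is the provider-specific half of the pair; it runs only after signature, nonce and freshness pass.
type Appraiser func(ev Evidence) Verdict

// Kernel keeps each provider's signing key and appraiser plus one freshness window.
type Kernel struct {
	keys       map[string]ed25519.PublicKey
	appraisers map[string]Appraiser
	window     time.Duration
}

func NewKernel(window time.Duration) *Kernel {
	return &Kernel{keys: map[string]ed25519.PublicKey{}, appraisers: map[string]Appraiser{}, window: window}
}

// Register binds a provider name to the key its evidence must carry and to its appraiser.
func (k *Kernel) Register(name string, pub ed25519.PublicKey, a Appraiser) {
	k.keys[name] = pub
	k.appraisers[name] = a
}

// Challenge issues the random nonce the producer must echo; evidence bound to an old nonce is a replay.
func (k *Kernel) Challenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// SignEvidence is the producer side: bind the nonce, then sign the canonical bytes.
func SignEvidence(priv ed25519.PrivateKey, ev Evidence) Evidence {
	ev.Sig = ed25519.Sign(priv, ev.Canonical())
	return ev
}

// Appraise is the verifier side, in order: known provider, signature, nonce binding, freshness, provider appraisal.
func (k *Kernel) Appraise(ev Evidence, nonce []byte, now time.Time) Verdict {
	pub, ok := k.keys[ev.Provider]
	if !ok {
		return Verdict{false, "unregistered provider: " + ev.Provider}
	}
	if !ed25519.Verify(pub, ev.Canonical(), ev.Sig) {
		return Verdict{false, "signature does not verify"}
	}
	if subtle.ConstantTimeCompare(ev.Nonce, nonce) != 1 {
		return Verdict{false, "nonce mismatch: replayed or answers a different challenge"}
	}
	if age := now.Sub(ev.IssuedAt); age < 0 || age > k.window {
		return Verdict{false, "evidence outside freshness window"}
	}
	return k.appraisers[ev.Provider](ev)
}

// NitroPCRPolicy accepts only the expected PCR values (known-good measurements of the enclave image).
func NitroPCRPolicy(expected map[int]string) Appraiser {
	return func(ev Evidence) Verdict {
		for i, want := range expected {
			if i >= len(ev.PCRs) || ev.PCRs[i] != want {
				return Verdict{false, fmt.Sprintf("PCR%d does not match policy", i)}
			}
		}
		return Verdict{true, "all policy PCRs match"}
	}
}

// LowerToCedar is the single lowering path: the verdict becomes Cedar-evaluable context attributes
// (the context.platform.* key names are assumed) plus the attest:nitro-attested role tag. Only the
// overall pass is surfaced as "attested"; Cedar never sees the raw evidence.
func LowerToCedar(ev Evidence, v Verdict) (map[string]any, map[string]string) {
	ctx := map[string]any{"attested": v.Pass, "platform": map[string]any{"provider": ev.Provider, "reason": v.Reason}}
	return ctx, map[string]string{"attest:nitro-attested": fmt.Sprint(v.Pass)}
}
```

Drive it as register, challenge, sign, appraise, lower. The ordering inside Appraise is the point: the signature is checked before the nonce and the nonce before the PCRs, so a replayed document, a document answering someone else's challenge, or a stale one is rejected before any platform fact is consulted, and a PCR mismatch still comes back as a reasoned fail verdict rather than a bare false tag.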

On the Roadmap

Two tools specified, not yet built. Each has a published spec; neither has a repo yet.

How It Works Together

Each tool has one job. Together they close the compliance loop.

# Step 1 — ground deploys correct foundations
ground deploy --config ground.yaml
✓ Org structure, network, identity, logging, security baseline provisioned
✓ Permission boundaries enforced, VPC endpoint policies org-scoped
# Step 2 — attest discovers, compiles, and enforces
attest init --region us-east-1
attest frameworks add cmmc-level-2 hipaa
attest compile --scp-strategy merged
attest apply --approve
✓ 110 controls compiled → 1 merged SCP, Cedar policies active
# Step 3 — qualify gates access by training completion
# user completes CUI + HIPAA modules in qualify
✓ IAM role tagged: attest:cui-training=true, attest:hipaa-training=true
✓ Cedar PDP re-evaluates — access granted automatically
# Step 4 — vet verifies workload before data access
vet verify pipeline:v1.2 --min-slsa-level 2
✓ SLSA L2 provenance verified, no critical CVEs, Cedar attributes written
# Step 5 — attest makes the compliance claim
attest scan
attest generate ssp --framework cmmc-level-2
✓ Compliant — 9 enforced, 21 partial, 80 AWS-covered, 0 gaps / 110 controls
✓ SSP generated from live AWS state — not manually assembled

Design Principles

Built for SREs and compliance officers who cannot afford surprises.

Separation of Claims

ground makes zero compliance claims. It deploys correct foundations. attest makes the claim — only after attest scan on live state.

Policies Are Tested

Every IAM boundary, SCP, and Cedar policy ships with unit tests. Permission boundaries are verified to deny privilege escalation before they deploy.

Live State, Not Documentation

Evidence is generated from what is actually deployed. SSPs, OSCAL, and SPRS reflect the real posture at scan time — not what someone wrote in a doc.

Training Gates Access

qualify writes IAM tags on training completion. Cedar policies evaluate those tags before granting data access. No training means no access โ€” enforced at the policy level.

Appraised, Not Asserted

Facts the policy engine trusts — training completion, workload provenance — are appraised evidence with a freshness challenge, produced through the evidence kernel. Not bare tags anyone could forge.

Open Core

Compilers, policy schemas, CLI tools, and framework definitions are open source. Commercial features fund ongoing development.

Proactive, Not Reactive

The AI navigator surfaces obligations before they become violations. Training expiry, DUC renewals, CMMC windows — flagged 30–90 days out.