Open ecosystem

Components for
Evidence Packs

Collectors gather evidence from external systems. Tools analyze and transform packs. Mix and match to build your workflow.

brew install locktivity/tap/epack
Get Started
Open source
Sigstore signed
No lock-in
1
Tools
Policy, risk, mapping
0
Utilities
View, diff, export
0
Collectors
GitHub, AWS, Okta
0
Remotes
Push/pull registries

Four types of components

Evidence Packs are just ZIP files with a manifest. Components extend what you can do with them.

Collectors

Pull artifacts from external systems: GitHub, AWS, Okta, Jira. Each collector handles authentication and data normalization.

epack collect github

Tools

Perform compliance analysis. Run policy checks, map to frameworks, score risk, generate timelines.

epack tool policy check

Utilities

Helper tools for working with packs. Browse contents, compare changes over time, export to various formats.

epack utility viewer

Remotes

Push and pull packs to external registries. Handle authentication, uploads, and release management.

epack push locktivity

Tools

Process and analyze packs
View all →
SC

scan-secrets

v0.1.0

Scan evidence pack artifacts for potential secrets and credentials

Utilities

View, diff, and export packs
View all →

Collectors

Pull artifacts from external systems
View all →

Remotes

Push and pull to external registries
View all →

Build your own components

Components follow a simple protocol. Write collectors and tools in any language.

Component Protocol View on GitHub