Open ecosystem

Components for
Evidence Packs

Collectors gather evidence from external systems. Tools analyze and transform packs. Mix and match to build your workflow.

brew install locktivity/tap/epack
Get Started
Open source
Sigstore signed
No lock-in
2
Tools
Policy, risk, mapping
0
Utilities
View, diff, export
3
Collectors
GitHub, AWS, Okta
1
Remotes
Push/pull registries

Four types of components

Evidence Packs are just ZIP files with a manifest. Components extend what you can do with them.

Collectors

Gather evidence from external APIs. Each collector handles authentication, pagination, and data normalization.

epack collect github

Tools

Perform compliance analysis. Run policy checks, map to frameworks, score risk, generate timelines.

epack tool policy check

Utilities

Helper tools for working with packs. Browse contents, compare changes over time, export to various formats.

epack utility viewer

Remotes

Publish and retrieve packs from external storage. Each remote handles authentication and transfers.

epack push locktivity

Tools

Process and analyze packs
View all →

scan-secrets

v0.1.0

Scan evidence pack artifacts for potential secrets and credentials

validate

v0.1.4

Validates evidence packs against compliance profiles

Collectors

Gather evidence from external APIs
View all →

github

v0.1.9

Collects GitHub organization security posture metrics

okta

v0.1.6

Collects Okta organization security posture metrics

aws

v0.1.16

Collects AWS organization security posture metrics

Remotes

Publish and retrieve from external storage
View all →

locktivity

v0.1.5

Push and pull evidence packs to Locktivity

Build your own components

Components follow a simple protocol. Write collectors and tools in any language.

Build Components View on GitHub