Determinate Secure Packages: Nixpkgs with SBOMs, FIPS, and SLA'd CVE Patching
4 months ago
- #Nixpkgs
- #software supply chain
- #security
- Determinate Systems announces Determinate Secure Packages, a solution for software supply chain security.
- Features include CVE monitoring, security scanning, SBOMs, FIPS compliance, and cryptographic signing.
- Over 1,000 packages are covered, including core languages, tools, and infrastructure-level packages.
- SLAs cover CVE response times, with timelines that vary by severity level.
- Determinate Secure Packages is a drop-in replacement for upstream Nixpkgs, requiring minimal changes to adopt.
- The service aims to address the variability and security risks in community-maintained Nixpkgs.
- Teams can schedule a demo or ask questions via email or Discord to get started.