Wisec – Enhancing software supply chain security with cryptographic build verification

Summary: Wisec secures software supply chains by cryptographically signing builds with ED25519, storing immutable provenance on IPFS, and detecting behavioral anomalies such as new dependencies or unknown contributors. It integrates via a single agent added to CI pipelines without storing source code.

What it does

Wisec adds an agent to GitLab CI or GitHub Actions pipelines that signs every build, records provenance on IPFS, and uses anomaly detection to identify risks before deployment.

Who it's for

It targets DevOps and security teams seeking to verify build integrity and monitor supply chain risks.

Why it matters

It addresses rising supply chain attacks by ensuring build authenticity and detecting suspicious changes in real time.