Trust Artifacts

Verifiable Compliance Evidence

Trust Artifacts are cryptographically signed, machine-verifiable attestations that prove your security and compliance posture. Embed them in READMEs, share with auditors, or verify programmatically via API.

Example Trust Artifact Badge Format

HAIEC | SOC2 Evidence Ready
Click to verify · Cryptographically signed · Machine-readable JSON

Try It On Your Repo

Install the GitHub App on your own repository, open a PR, and see your first artifact.

3 steps: Install on your repo → Open PR → View artifact comment

What Are Trust Artifacts?

Unlike traditional compliance certificates, Trust Artifacts are living, verifiable proof of your security posture—generated automatically from real scans.

Deterministic Evidence

Generated from actual security scans and compliance checks. No AI guessing—100% reproducible results from the same inputs.

Cryptographically Signed

Each artifact includes a SHA-256 evidence hash. Tamper-evident and independently verifiable by anyone.

Machine-Readable

Full JSON payload available via API. Integrate into CI/CD pipelines, auditor workflows, or procurement checks.

What's Inside an Artifact

Each artifact contains structured, verifiable data about your security posture

| Field | Description |
|---|---|
| artifact_id | Unique identifier (e.g., SOC2-abc12345) |
| type | AI_SECURITY_ATTESTATION or COMPLIANCE_EVIDENCE_MARK |
| status | SECURED, EVIDENCE_READY, EVIDENCE_PARTIAL |
| evidence_hash | SHA-256 hash of all scan evidence |
| issued_at | ISO 8601 timestamp of generation |
| expires_at | Validity period (typically 1 year) |
| scope | What was verified vs not verified |
| risk_posture | Critical, high, medium, low issue counts |

Embed in Your README

Add a verifiable trust badge to your repository in seconds

Markdown:
[![HAIEC Trust Artifact](https://haiec.com/api/badge/YOUR-ARTIFACT-ID)](https://haiec.com/artifact/YOUR-ARTIFACT-ID)

HTML:
<a href="https://haiec.com/artifact/YOUR-ID"><img src="https://haiec.com/api/badge/YOUR-ID" alt="HAIEC Trust Artifact"></a>

API Verification:
curl https://haiec.com/api/v1/artifacts/YOUR-ID.json
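
A consumer-side policy check over the JSON returned by the API Verification call, as an added example that is not HAIEC's own code: it validates the fields listed in the table above and returns the reasons an artifact should be rejected in a CI/CD or procurement gate. Assumptions: the payload is a flat JSON object keyed by the table's field names, `risk_posture` is an object of integer counts, and the thresholds and the rejection of `EVIDENCE_PARTIAL` are a hypothetical local policy.

```python
import json
import re
from datetime import datetime, timezone

# Values from the page's field table; the flat JSON layout is an assumption.
TYPES = ("AI_SECURITY_ATTESTATION", "COMPLIANCE_EVIDENCE_MARK")
STATUSES = ("SECURED", "EVIDENCE_READY", "EVIDENCE_PARTIAL")
REQUIRED = ("artifact_id", "type", "status", "evidence_hash",
            "issued_at", "expires_at", "scope", "risk_posture")

# Constructed sample payload (placeholder values, not real HAIEC output).
SAMPLE = json.dumps({
    "artifact_id": "SOC2-abc12345", "type": "COMPLIANCE_EVIDENCE_MARK",
    "status": "EVIDENCE_READY", "evidence_hash": "ab" * 32, "scope": {},
    "issued_at": "2025-01-15T12:00:00Z", "expires_at": "2026-01-15T12:00:00Z",
    "risk_posture": {"critical": 0, "high": 0, "medium": 2, "low": 5}})

def _ts(value):
    # Accept a trailing "Z"; treat a timestamp without an offset as UTC.
    dt = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_artifact(raw, expected_id, now, max_critical=0, max_high=0):
    """Return a list of policy failures; an empty list means accept."""
    try:
        art = json.loads(raw)
    except ValueError:
        return ["payload is not valid JSON"]
    missing = [k for k in REQUIRED if not isinstance(art, dict) or k not in art]
    if missing:
        return ["missing fields: " + ", ".join(missing)]
    problems = []
    if art["artifact_id"] != expected_id:
        problems.append("artifact_id does not match the one requested")
    if art["type"] not in TYPES or art["status"] not in STATUSES:
        problems.append("unknown type or status")
    elif art["status"] == "EVIDENCE_PARTIAL":  # assumed policy: partial fails
        problems.append("status is EVIDENCE_PARTIAL")
    if not re.fullmatch(r"[0-9a-f]{64}", str(art["evidence_hash"]).lower()):
        problems.append("evidence_hash is not a SHA-256 hex digest")
    try:
        if not _ts(art["issued_at"]) <= now < _ts(art["expires_at"]):
            problems.append("outside validity window")
    except ValueError:
        problems.append("issued_at or expires_at is not ISO 8601")
    risk = art["risk_posture"] if isinstance(art["risk_posture"], dict) else {}
    for level, limit in (("critical", max_critical), ("high", max_high)):
        if not isinstance(risk.get(level), int) or risk[level] > limit:
            problems.append(f"{level} issue count missing or above {limit}")
    return problems
```

Pass `now` as a timezone-aware datetime. These checks cover only the fields the page documents; the field table lists no signature field, so signature verification and recomputing `evidence_hash` from the underlying evidence are not shown.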

How It Works

1. Install GitHub App
   Connect HAIEC to your repositories via GitHub Marketplace

2. Automatic Scanning
   We scan on every PR for security signals using deterministic rules

3. Artifact Generated
   Passing scans generate cryptographically signed trust artifacts

4. Embed & Share
   Add badges to READMEs, share with auditors, verify programmatically

Use Cases

Open Source Projects

Show contributors and users that your project follows security best practices with a verifiable badge.

Enterprise Procurement

Provide instant, verifiable proof of security posture to procurement teams evaluating your software.

Auditor Handoff

Share machine-readable evidence with auditors. No more manual evidence collection.

Get Your First Trust Artifact

Install the GitHub App and generate verifiable compliance evidence in minutes. Free for public repositories.