Pyvorin Supply Chain Security

SBOM

Pyvorin provides a Software Bill of Materials listing all dependencies.

Signed Artifacts

Compiled artifacts are signed with Ed25519 signatures. Verify before loading:

pyvorin verify artifact.so

Reproducible Builds

Same source + same compiler version = identical artifact hash.

Dependency Scanning

Pyvorin dependencies are scanned for CVEs before every release.