k2gl provides a family of open-source PHP libraries and Composer plugins focused on software supply-chain security. It enables developers to verify Sigstore signatures, check build provenance, and validate licenses for Composer dependencies. The suite also includes utilities for working with attestation formats like DSSE, in-toto, SLSA, and TUF, helping PHP developers ensure the integrity of their dependencies.
k2gl sits in PulseGate's Frameworks & SDKs category. It focuses on providing PHP developers with secure, open-source libraries for supply-chain security and digital identity formats. It is built as an open-source project for php developers, security engineers, open-source maintainers. k2gl is open source under the Open Source license. It runs on the web and the command line, and it can be self-hosted.
It is developed by Nick Harin, and the product first shipped in 2024. Key capabilities include supply-chain security, sigstore verification, and composer plugins.
Latest indexed changes and source events
Other apps tracked under the same category.