Attestree
Run it free
COMMUNITY EDITION · EARLY ACCESS

Run Attestree free on your own fleet.

The Community Edition is the full platform, self-hosted with docker compose up — free for up to 50 Windows endpoints. No Azure, no Entra. First endpoint reconciled in five minutes.

Get the Community Edition Star on GitHub

Early access — the image is in pre-GA validation. Free up to 50 endpoints.

COMMUNITY vs COMMERCIAL
Run it
docker compose up
Aspire → AKS
Identity
Local login
Entra + Azure AD
Endpoints
Up to 50
5K–25K
Audit signing
Local dev key
AKV Managed HSM
Price
Free
Commercial
WHAT YOU GET, FREE

The same product, scaled down.

One inventory, every manager

See what is actually installed across your fleet — winget today, more package managers as they land.

Ring-promoted upgrades

Deploy, upgrade, and roll back in rings (observe → quarantine → enforce) with auto-rollback on bad signals.

SBOM + attestation, free

Every install produces a signed SBOM and attestation as a byproduct — the same wedge, scaled down.

Fleet reconciliation

Declarative desired state; drift surfaces as telemetry. The full control plane, self-hosted.

No Azure, no Entra

Local admin login and a paste-a-token enrollment. Runs on a single box with Docker — nothing in the cloud.

Private by default

Opt-in, anonymized telemetry — default off, and every event is visible to you. No package IDs, no hostnames.

QUICKSTART

From zero to first endpoint in five minutes.

One image, a Postgres sidecar, and a Docker volume. No subscription, no cloud account. Pull it, bring it up, enroll your first endpoint.

~/attestree 
# Community Edition — early access (pre-GA)
$ docker compose up
#   platform + Postgres sidecar, no Azure required
#   open http://localhost:8080  →  create an admin login
#   generate an enrollment token, drop it on an endpoint
#   first endpoint reconciled in ~5 minutes

Honest about the audit posture. The Community Edition signs its audit chain with a local, dev-grade key — great for a homelab, not for regulatory submission. Need auditor-ready evidence, hardware-backed keys, or an on-prem appliance? That is what the commercial tiers are for.

Compliance tiers
JOIN IN

A small community, building in the open.

GitHub

Star the repo, file issues, and ask questions in Discussions. The Apache-2.0 installer shim is open source.

Open GitHub

Roadmap

See what is shipping next across inventory, transforms, drivers, firmware, and Windows Updates.

View the roadmap

Discord

Real-time chat opens once the community grows past the first wave. For now, Discussions is home.

Coming soon

Outgrow 50 endpoints?

The commercial tiers lift the cap and add Entra SSO, hardware-backed signing, an on-prem appliance, and the evidence bundles your auditors ask for — same product, same data, no re-enrollment.

See pricing Request access