PRODUCT

Winget Enterprise.

SBOM at ingest, not post-install scan.

IN DEV
Request access

Currently in development — early-access slots available.

THE PROBLEM

What's broken without it.

Most Windows shops install winget packages straight from the public source and discover problems only after a scanner runs against an endpoint two days later. By then the artifact is on a thousand machines, and your IR rotation owns the cleanup. SBOMs are an afterthought, attestations are missing, and the supply-chain story is "we trust Microsoft’s CDN."

audit-trail.log · status quo
# T+0 install completes on 1,204 endpoints
# T+2d scanner runs across the fleet
# T+2d scanner flags 14 endpoints with vulnerable artifact
# T+3d helpdesk tickets begin to arrive
# T+5d incident response opens IR-2026-0418
# T+9d auditor asks: "who approved this artifact?"
# T+9d answer: nobody. it shipped because the CDN said so.

HOW ATTESTREE SOLVES IT

The approach.

Attestree gates winget at the moment of ingest. Every package fetched from the public source is verified against your policy — provenance, SBOM, SLSA level, license — before it ever reaches a fleet node. Rejected artifacts never make it to canary; admitted artifacts carry signed receipts your auditor can verify with a public key.

attestree.toml · winget-enterprise
# attestree.toml — fleet ingest config
[ingest.winget]
source = "https://cdn.winget.microsoft.com/cache"
require_sbom = true # reject artifacts without an SBOM
require_attestation = true # reject unsigned in-toto layouts
roots = ["acme-internal-ca"] # managed key today — "sigstore-public" root is roadmap

[gate.policy]
min_slsa_level = 2
cve_max_severity = "medium"
license_allowlist = ["MIT", "Apache-2.0", "BSD-3-Clause"]

# $ attestree gate Microsoft.PowerToys --version 0.81.1
# ✓ provenance verified (managed key: 9c4f...)
# ✓ SBOM attached (CycloneDX 1.5)
# ✓ SLSA Level 2 build provenance
# → admitted to fleet ring: canary-windows

WHAT'S NEXT

Roadmap, in three moves.

Q3 2026

Sigstore-only roots

Drop static-trust-store mode for Sigstore-rooted verification with TUF metadata.

Q4 2026

Per-ring CVE budgets

Different policy bundles for canary, broad, and frozen rings — applied automatically.

design-partner mode through GA

WDAC policy generation

Emit a Windows Defender Application Control policy from your admit set, signed.

Ready for Winget Enterprise on your fleet?

Early-access slots are open through GA. Tell us about your fleet.