RESEARCH

Notes from inside the catalog layer.

Long-form on supply chain integrity, attestation, and the structural difference between scan-after-install and prove-before-install.

ALL ESSAYS

Recent writing.

WEDGE

Why SBOMs at ingest beat SBOMs at scan

For a decade we have been told the path to supply chain hygiene is to scan everything after it lands. We think that is backwards. Here is the structural argument for moving the verification boundary one hop earlier — and what changes when you do.

D. Halberstam · Apr 22, 2026 · 14 min

INCIDENT

What we learned dissecting the XZ backdoor for our threat model

A blow-by-blow read of the XZ Utils compromise, mapped against an ingest-time attestation pipeline. The interesting question is not "would we have caught it?" — it is "what would have been cheap to catch."

M. Okonkwo · Apr 09, 2026 · 11 min

ENGINEERING

Our path from dotnet aspirate to production Aspire on AKS

A pre-1.0 framework, an opinionated control plane, and one quiet weekend of YAML deletion. Notes on what Aspire got right, what it got wrong, and what we ended up writing ourselves.

L. Park · Mar 28, 2026 · 9 min

ENGINEERING

How Cedar policy-as-code replaced our YAML rules engine

We had three thousand lines of YAML pretending to be a policy language. We replaced it with Cedar in a quarter and stopped fighting our own tooling. A walkthrough of the migration and the surprise edges.

J. Reyes · Mar 14, 2026 · 8 min

ADR

ADR-014: choosing in-toto over a homegrown attestation format

The decision record from December 2025. We considered three paths, prototyped two, and standardized on in-toto v1 with Sigstore-rooted DSSE envelopes. The trade-offs we accepted, in our own words.

D. Halberstam · Feb 27, 2026 · 7 min

WEDGE

The two-flow diagram, in two thousand words

A long-form expansion of the diagram on the home page. Why "scan-after-install" and "prove-before-install" are not the same control with different timing — they are different controls with different failure modes.

D. Halberstam · Feb 11, 2026 · 13 min

THREAT

A threat model for Windows package ingest in 2026

Walking the attack surface from upstream maintainer compromise through CDN cache poisoning, MOTW evasion, and post-install registry abuse. Where attestation helps, where it does not, and what still needs runtime defenses.

M. Okonkwo · Jan 30, 2026 · 15 min

INCIDENT

Reading the 3CX desktop client compromise like a control-plane operator

Less a postmortem of 3CX and more a postmortem of every endpoint manager that shipped the malicious update. The boring control changes that would have raised the bar — and the boring reasons they were not in place.

M. Okonkwo · Jan 16, 2026 · 10 min

ENGINEERING

Building a deterministic ingest queue without an event broker

We almost reached for Kafka. Then we read our own requirements again and reached for Postgres LISTEN/NOTIFY plus an outbox. A pattern that scales further than people expect, with the receipts.

L. Park · Jan 02, 2026 · 6 min