Live Trust Dashboard
Renders the live compliance artifacts published at /.well-known/ on this site: the deploy-time KSI signal (Sigstore-signed), the runtime KSI signal (re-validated daily by an AWS Lambda), the NIST OSCAL Rev 5 System Security Plan, the NIST OSCAL Plan of Action and Milestones, the FedRAMP 20x VDR report, and the FedRAMP IIW (SSP Appendix M) — all derived from the same canonical inventory. The page is presentational; the JSON and CSV documents are the source of truth.
Direct links: KSI signal · OSCAL SSP · OSCAL POA&M · VDR report · IIW (CSV).
For the architecture and rationale, see The Plumbing. For the FedRAMP authorization boundary that scopes what is and is not in this picture, see the boundary diagram.
Trust Status
Deploy-time signal
Last deploy
Last runtime check
Drift
Verify it yourself
This dashboard runs in your browser and reads the same JSON anyone else's tool would. To verify the deploy-time signal cryptographically, fetch the artifact and bundle and run cosign verify-blob:
    curl -sO https://samaydlette.com/.well-known/ksi-signal.json
    curl -sO https://samaydlette.com/.well-known/ksi-signal.bundle
    cosign verify-blob \
      --bundle ksi-signal.bundle \
      --certificate-identity-regexp 'https://github.com/sam-aydlette/samaydlette.com/.github/workflows/.+' \
      --certificate-oidc-issuer https://token.actions.githubusercontent.com \
      ksi-signal.json
The signature chain anchors in public infrastructure: Fulcio (the certificate authority), the GitHub Actions OIDC issuer, and the Rekor transparency log. Verification does not depend on trusting this site.
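When verification fails, it helps to see what the bundle itself records before blaming the signature. The sketch below is an added example, not this site's code or Sigstore's: it lists the Rekor log entries in a bundle and checks that the bundle's recorded digest matches the downloaded artifact. It assumes the bundle uses the protobuf-JSON layout (whether ksi-signal.bundle does is an assumption), and the sample bundle it builds is constructed.

```python
# Added example (not the site's code): a pre-flight look inside a Sigstore bundle.
# Assumption: the bundle uses the protobuf-JSON layout (verificationMaterial /
# messageSignature). It checks no signature; cosign verify-blob still decides.
import base64
import hashlib
import json


def summarize_bundle(bundle_text: str, artifact: bytes) -> dict:
    """Report the Rekor entries in a bundle and whether it describes `artifact`."""
    bundle = json.loads(bundle_text)
    material = bundle.get("verificationMaterial")
    signature = bundle.get("messageSignature")
    if material is None or signature is None:
        raise ValueError("not a message-signature bundle in protobuf-JSON layout")
    digest = signature.get("messageDigest") or {}
    if digest.get("algorithm") != "SHA2_256":
        raise ValueError(f"unhandled digest algorithm: {digest.get('algorithm')}")
    recorded = base64.b64decode(digest["digest"]).hex()
    entries = material.get("tlogEntries", [])
    return {
        "media_type": bundle.get("mediaType"),
        # Fulcio leaf certificate: "certificate" (v0.3) or a chain (earlier versions).
        "has_certificate": any(k in material for k in ("certificate", "x509CertificateChain")),
        # protobuf-JSON encodes int64 fields as strings.
        "rekor_log_indexes": [int(e["logIndex"]) for e in entries],
        "integrated_times": [int(e["integratedTime"]) for e in entries],
        "digest_matches": recorded == hashlib.sha256(artifact).hexdigest(),
    }


def constructed_bundle(artifact: bytes) -> str:
    """Constructed sample: placeholder certificate and signature, made-up log entry."""
    digest = base64.b64encode(hashlib.sha256(artifact).digest()).decode()
    return json.dumps({
        "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json",
        "verificationMaterial": {
            "certificate": {"rawBytes": "PLACEHOLDER"},
            "tlogEntries": [{"logIndex": "123456", "integratedTime": "1700000000"}],
        },
        "messageSignature": {
            "messageDigest": {"algorithm": "SHA2_256", "digest": digest},
            "signature": "PLACEHOLDER",
        },
    })


if __name__ == "__main__":
    sample = b'{"constructed": "ksi-signal.json stand-in"}'
    print(summarize_bundle(constructed_bundle(sample), sample))
    print(summarize_bundle(constructed_bundle(sample), sample + b" ")["digest_matches"])
```

A digest mismatch here means the artifact and bundle on disk do not belong together (for example, one of them was cached from an earlier deploy), which cosign verify-blob would also reject.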
KSI Signal (deploy-time)
raw JSON · Sigstore bundle · schema
Metadata
Components
Validations
Populated in CI from the OPA gate.
OSCAL Rev 5 SSP
raw JSON
Metadata
Implementation status distribution
Implemented requirements