Cryptographic Proof of
Build Integrity
The only build server that proves your code was built securely using AMD SEV-SNP attestation. Hardware-enforced isolation means you don’t have to trust us—you can verify.
Build Services Ask You to Trust Them
Forge provides cryptographic proof instead
Traditional Build Services
- ✗You have to trust they run the code you see
- ✗Admins can access build environments
- ✗No proof the build wasn’t tampered with
- ✗Logs and secrets stored in plaintext
Forge (TEE-Based)
- AMD SEV-SNP attestation proves the build
- Hardware-encrypted memory prevents access
- Public attestation reports anyone can verify
- Zero-knowledge: logs encrypted with your key
How Forge Works
Every build runs in an AMD SEV-SNP encrypted VM with cryptographic proof
Clone Repository
Forge clones your Git repository at the specified commit inside a hardware-encrypted VM. The commit SHA is verified and included in the attestation report.
Run Pre-Build CI Steps
Execute tests, linting, and security scans on source code before building. All output is captured and encrypted.
Build Docker Image
Docker builds your image with enforced CPU, memory, and disk limits. The Dockerfile hash and base images are recorded for verification.
Generate Attestation
AMD SEV-SNP generates a cryptographically signed attestation report proving the build occurred in a genuine, isolated TEE. This report is signed by AMD’s private key.
Sign & Publish Manifest
The build manifest (Git commit, Dockerfile hash, image digest, attestation) is signed with Ed25519 and published publicly. Anyone can verify your build’s integrity.
Security-First Build Infrastructure
TEE Isolation
AMD SEV-SNP provides hardware-enforced memory encryption. The hypervisor cannot access your build process or inject malicious code.
Zero-Knowledge Logs
Build logs are encrypted with your public key before transmission. Teenode cannot read your logs—only you can decrypt them.
Public Attestation
Every build generates a public attestation report. Anyone can verify the Git commit, Dockerfile, and final image digest cryptographically.
Minimal Dependencies
Written in Go with only 2 external dependencies. The entire codebase is auditable in hours, not days.
Reproducible Builds
Same Git commit and Dockerfile always produce the same attestation measurement. Verify builds are truly reproducible.
Open Source
Apache 2.0 licensed. Audit the code, run your own instance, or contribute improvements. Full transparency for security-critical infrastructure.
Built for High-Security Industries
When regulatory compliance and trust verification are required
Fintech
Regulatory compliance, audit trails, and cryptographic proof for trading systems and payment infrastructure.
Healthcare
HIPAA requirements, data protection compliance, and verifiable build integrity for patient data systems.
Government
Federal compliance (FedRAMP), security standards, and supply chain verification for critical infrastructure.
Crypto/Web3
On-chain verifiable builds, trust verification for smart contracts, and proof of no hidden code in blockchain infrastructure.
Enterprise
Supply chain security, third-party vendor verification, and compliance with internal security policies.
Open Source
Offer cryptographic proof of build integrity to users. Prove your releases match your published source code.
Forge vs Traditional CI/CD
| Feature | Forge | GitHub Actions | CircleCI | Vercel |
|---|---|---|---|---|
| Cryptographic Build Proof | ✓ TEE Attestation | ✗ | ✗ | ✗ |
| Hardware-Encrypted Builds | ✓ AMD SEV-SNP | ✗ | ✗ | ✗ |
| Zero-Knowledge Logs | ✓ Encrypted | ✗ | ✗ | ✗ |
| Open Source | ✓ Apache 2.0 | ✓ | ✗ | ✗ |
| Self-Hosted | ✓ | ✓ | ✗ | ✗ |
| Public Attestation | ✓ Verifiable | ✗ | ✗ | ✗ |
Start Building with Cryptographic Proof
Deploy your first attested build in minutes.