Highlights
Zero
Friction
One Gradle plugin. No CLI tools to install. Every http4k dependency is verified automatically before compilation.
Build-TimeEnforcement
If any artifact has been tampered with, the build fails. No silent failures, no runtime surprises. Supply chain integrity verified before your code compiles.
Full
Coverage
Covers all 200+ http4k modules - verifies JARs, CycloneDX SBOMs, SLSA provenance attestations, and license compliance reports for every dependency.
EnterpriseReady
Works seamlessly through Artifactory, Nexus, or any repository manager proxying maven.http4k.org. Fits into your existing infrastructure with no changes.
EU CyberResilience Act
The CRA requires machine-readable SBOMs and secure development practices for software sold in the EU. http4k Verify validates SBOMs for every dependency at build time.
US ExecutiveOrder 14028
Federal agencies require SBOMs for all purchased software. http4k Verify validates that SBOM signatures are authentic and untampered.
NIST SSDF(PS.3 / PW.4)
The Secure Software Development Framework recommends consuming provenance and verifying third-party components. http4k Verify automates this at build time.
PCI
DSS 4.0
Strengthened supply chain requirements for payment-processing software. http4k Verify provides verifiable evidence of artifact integrity for your audit trail.
