wasmshield is a command-line tool designed for verifying and auditing WebAssembly (WASM) components. With its focus on security and integrity, wasmshield helps developers ensure their WASM components are robust and trustworthy.
- SBOM Audit: Analyze auditable data baked into components using cargo auditable.
- Signature Verification: Verify the digital signatures of WASM components for integrity checks.
To view the full list of commands and options:
wasmshield --help
Audits a specified WASM component using its Software Bill of Materials (SBOM). This requires cargo auditable data baked into the component.
Syntax:
wasmshield sbom <COMPONENT>
Arguments:
- <COMPONENT>: Path to the WASM component to analyze.
Example:
wasmshield sbom my_component.wasm
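Before running the audit it can help to confirm that a binary carries the data at all. The sketch below is an added example, not wasmshield's code: it assumes cargo auditable's format (zlib-compressed JSON in a custom section named `.dep-v0`), scans only top-level sections without descending into nested modules, and its function names are hypothetical.

```python
import json
import zlib

SECTION = b".dep-v0"  # custom-section name written by cargo auditable (assumed here)

def _read_uleb(buf, pos):
    """Decode an unsigned LEB128 u32 at pos; return (value, next_pos)."""
    value = shift = 0
    while pos < len(buf) and shift <= 28:
        byte = buf[pos]
        value |= (byte & 0x7F) << shift
        pos += 1
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("bad LEB128 length")

def extract_audit_data(wasm, max_size=8 * 1024 * 1024):
    """Return the embedded dependency JSON as a dict, or None if absent."""
    if len(wasm) < 8 or wasm[:4] != b"\x00asm":
        raise ValueError("not a WebAssembly binary")
    pos = 8  # skip magic plus the 4-byte version/layer field
    while pos < len(wasm):
        section_id = wasm[pos]
        size, pos = _read_uleb(wasm, pos + 1)
        end = pos + size
        if end > len(wasm):
            raise ValueError("section overruns file")
        if section_id == 0:  # custom section: name length, name, payload
            name_len, name_pos = _read_uleb(wasm, pos)
            name_end = name_pos + name_len
            if name_end <= end and wasm[name_pos:name_end] == SECTION:
                inflater = zlib.decompressobj()
                raw = inflater.decompress(wasm[name_end:end], max_size)
                if not inflater.eof:  # truncated stream or output over the cap
                    raise ValueError("audit data truncated or larger than max_size")
                return json.loads(raw)
        pos = end
    return None

def build_sample(packages):  # constructed input: a module holding only the audit section
    def uleb(n):
        out = bytearray()
        while True:
            out.append((n & 0x7F) | (0x80 if n >> 7 else 0))
            n >>= 7
            if not n:
                return bytes(out)
    body = uleb(len(SECTION)) + SECTION + zlib.compress(json.dumps({"packages": packages}).encode())
    return b"\x00asm\x01\x00\x00\x00" + b"\x00" + uleb(len(body)) + body
```

The `max_size` cap bounds decompression so an untrusted binary cannot expand into an arbitrarily large buffer.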
Verifies the signature of a specified WASM component to ensure it has not been tampered with.
Syntax:
wasmshield signature <COMPONENT> --public-key <PUBLIC-KEY>
Arguments:
- <COMPONENT>: Path to the WASM component to verify.
- --public-key, -K: Path to the public key file associated with the signature.
Example:
wasmshield signature my_component.wasm --public-key public_key.pem
- File not found: If a specified file (e.g., WASM component or public key) does not exist, an appropriate error will be displayed.
- Audit failures: The sbom command will report vulnerabilities and warnings found during the audit.
- Signature verification failures: The signature command will notify if any signatures fail the verification process.
Developed by Titus Abele
📧 tvmab@pm.me
Contributions are welcome! Please fork the repository and submit a pull request with your changes.
wasmshield is licensed under
- MIT License
- Apache License, Version 2.0

at your option.