Tansu integrates stellar.expert's contract validation mechanism to ensure its on-chain contract matches the source code repository. This uses GitHub actions and SLSA attestations for supply-chain security. The feature verifies contract provenance on the Stellar blockchain explorer.
Tansu aims to validate projects using on-chain data, but requires its own contract's integrity to be verifiable. They've added support for stellar.expert's contract validation, which compiles contracts via GitHub actions and checks hashes on the explorer. This aligns with SLSA framework for securing software supply chains from code production to deployment. SLSA attestations link source code to on-chain artifacts, preventing malicious deployments. Stellar.expert indicates verified contract origins, enhancing trust in Tansu's Soroban-based operations on Stellar.
