Sample pack · A

github.com

Audit-ready — DNSSEC + strong email posture

Summary

GitHub publishes DNSSEC on github.com (rare among large platforms), enforces DMARC p=reject, and uses CT-logged certificates issued from a well-known CA. A solid reference for what a security-conscious developer platform looks like end-to-end.

Highlights from the scan

DNSSECsigned zone, validates from the root
DMARCp=reject with strict alignment
TLSvalid chain, modern ciphers, CT-logged
MTA-STSenforce policy published at mta-sts.github.com

Download the pack

Signed pack for github.com, generated against the live posture at the time the founder ran the build script. Verify the Ed25519 signature against /.well-known/evidence-pack-pubkey.pem.

Download PDF →Download JSON sidecar

See it live

The same 15-check methodology is also available on-demand at /d/github.com.

← All sample packs

Methodology v1 — the exact rules used to produce this pack.