UDS — allies & deploy SZL on UDS Core
The American-led open-source supply-chain + cloud-native ecosystem UDS is built on. Every ally we credit, partner with, and build alongside — and how to run SZL inside UDS Core.
The symbiotic allies
| Ally | Role | Why it matters |
|---|---|---|
| Chainguard | distroless image substrate | near-zero-CVE base images; US-founded; Dan Lorenc co-created Sigstore |
| Anchore | SBOM + scanning (Syft / Grype) | de-facto OSS SBOM tools; inside DoD via AFWERX |
| Sigstore | Cosign / Fulcio / Rekor | keyless signing; what Zarf bundles verify at the airgap boundary |
| in-toto | attestation framework (NYU/Purdue) | Khipu DAG ≈ in-toto provenance graph; CNCF-graduated 2025 |
| SLSA | supply-chain levels (OpenSSF) | our measurable "American-made" claim per artifact |
| Defense Unicorns | Zarf + UDS Core | airgap-native delivery; AFWERX Phase II; SBIR Phase III IDIQ |
Deploy SZL on UDS Core
# 1. Zarf packages each flagship into an airgap bundle, signed with cosign zarf package create ./szl-flagship --confirm # 2. UDS Core admits it via Pepr policy; Istio gives mTLS; Keycloak gives SSO uds zarf package deploy zarf-package-szl-*.tar.zst --confirm # 3. The per-node provenance ledger = Khipu DAG receipts
Anchor proof point: Defense Unicorns publicly demoed pushing a software update to an air-gapped drone under EW attack (Manifest Demo Day, Mar 2025). UDS is already a drone/autonomy delivery rail in contested environments — exactly the surface Killinchu targets. Replicator-2 (counter-small-UAS) explicitly calls out open system architecture as a challenge.
Full mesh demo: SZLHOLDINGS/uds-demo
Source: killinchu/uds_allies/UDS_ALLIES_ECOSYSTEM.md · DOD_DRONE_UDS_OPPORTUNITY.md · AMERICAN_MADE_SUPPLY_CHAIN.md