Please select a specific project below for more information about its status.

| Project Name | Status | Description |
|---|---|---|
| Developer Tools | In Progress (67%) | Specification, Library, Command Line Interface, etc. |
| WordPress Integration | Pending | Gossamer for WordPress themes/plugins |
| Composer Integration | Pending | Gossamer for PHP dependencies via Composer |

Gossamer Roadmap Overview

If you're interested, the History of Gossamer is contained on a separate page.

The ultimate goal of Gossamer is to ensure that PHP and WordPress developers can sign their open source software and verify that the dependencies they install from third-party developers are authentic.

When we have succeeded at securing the PHP ecosystem, we intend to assist other ecosystems (e.g. Java, Node.js, Python, Ruby) in securing their open source software supply chains.

Order of Operations

  1. Write a formal specification, threat model, and design document.
  2. Develop a stable PHP library that implements the design.
  3. Develop a client-side library and server-side API that speak the protocol.
  4. Build the integration tooling for existing ecosystems (in parallel):
    • Composer / Packagist
    • WordPress
    • Any others in PHP untouched by the above two
  5. Build Virtual Machine labs for testing the ecosystem defenses.
  6. Victory lap!
  7. Reach out to other package management software teams.