Platform
Salmon
Capabilities
Use Cases
Resources
Company
Book demo
Book demo
Software Production Has Shifted to Multi-Actor Execution
Code is now produced by multiple actors across distributed systems — humans, copilots, agents and tooling — but the resulting artifact does not preserve how it was produced or who is responsible.
Archipelo introduces a system of record for software execution — powered by Salmon.
Recorded execution events
Verified execution history
Deterministic attribution
Request a Demo
Downstream Systems Inherit Risk From Upstream Actors and Events
Downstream systems inherit risk from upstream actors and events: developer + AI hub with radiating risk pills
Traditional security tools analyze code, artifacts, and runtime environments. They do not identify the developers and agents that produced them. Archipelo establishes execution provenance across human developers, AI copilots, and autonomous agents — making a fundamental shift from inference to deterministic attribution.
Salmon — Execution Provenance for Human, AI-Assisted, and Agentic Software Development
Salmon execution provenance protocol: deterministic record of software production across humans, AI copilots, and agents
Salmon is the execution provenance protocol that deterministically records and verifies every event of software production — from code changes and AI interactions to agent actions and pipeline executions. It produces a canonical record from which responsibility is derived, not reconstructed from logs or telemetry.

Explore Salmon

What Is Developer Security Posture Management (DevSPM)?
Developer Security Posture Management connecting humans, AI copilots, and autonomous agents
Developer Security Posture Management (DevSPM) is the security, policy, and governance layer for multi-actor software production. Built on Salmon execution provenance, DevSPM interprets execution data across human developers, AI copilots, and autonomous agents — linking security findings to the developers and agents that produced them, and enforcing policy across all actor types.
Developer Vulnerability Attribution

Developer Vulnerability Attribution

Attribute CVE scan results to the developers that introduced them — whether humans, AI copilots, or autonomous agents.

Explore Developer Vulnerability Attribution
AI & Agent Actions Monitor

AI & Agent Actions Monitor

Monitor AI and agent actions across the software creation lifecycle — attributing changes to identifiable developers, copilots, and agents.

Explore AI & Agent Actions Monitor
Automated Developer Tool Inventory

Automated Developer Tool Inventory

Create a centralized inventory of CI/CD and developer tools across connected repositories and developer environments.

Explore Tool Inventory
Developer Security Posture

Developer Security Posture

Establish the data foundation for developer security posture by linking security findings to actions across human developers, AI copilots, and autonomous agents.

Explore Developer Security Posture

How It Works

Archipelo establishes a deterministic record of execution events across the SDLC — connecting developer identity (human + AI), actions, and outcomes.

  1. Connect

    Integrate across your development environment — source control, CI/CD pipelines, AI copilots, and agent frameworks — to capture execution events from human developers, copilots, and agents.

  2. Record

    Establish a deterministic record of execution events as they happen — linking every action to the developer or agent that performed it.

  3. Attribute

    Associate every action and finding with the specific developer, copilot, or agent responsible — connecting downstream results to upstream actors.

  4. Govern

    Apply security policies and governance controls across all actor types — with execution provenance as the foundation.

Archipelo product UI showing developer-attributed activity and risk findings

Execution Provenance for Engineering, Security, and Governance

The platform establishes execution provenance across software creation activity — including human developers, AI copilots, and autonomous agents — supplying the evidence that engineering, security, and governance teams can rely on.

Engineering

Establish execution provenance across multi-actor workflows — identify which developer, copilot, or agent caused a change, when, and where. Debug across agents, agent frameworks, and other toolchains.

Security

Run integrated security scans and link findings to the developers and agents responsible — establishing deterministic attribution, enabling efficient incident response, triage, and remediation.

Policy & Controls

Interpret execution provenance to surface insights across developer and agent activity — apply governance rules, enforce policies, and support audit and investigation requirements.

When multiple agents and developers contribute to the same code — we need to know exactly who did what. That's what execution provenance gives us.

CISO, Fortune 500 Company

Financial Services

Get Started

Verify how your software was produced — across human developers, AI copilots, and agents. Archipelo provides the system of record for execution attribution, security, and governance across software production.

Request a Demo