Skip to main content
Determinate Secure Packages

Secure, signed, auditable Nix packages

Determinate Secure Packages is a commercially supported drop-in replacement for Nixpkgs. The same 100,000+ packages, with a 7-day CVE SLA, cryptographic signing, and SOC 2 Type II infrastructure behind every build.

Included packages: Curated package subset

Curated package subset

A hand-picked collection of packages from Nixpkgs' 100,000+ options, pre-vetted and built on secure infrastructure, with additional coverage available on demand.
Included packages (opens in a new tab)
See SLAs: SLA-backed CVE remediation

SLA-backed CVE remediation

Automated vulnerability scanning detects CVEs across your dependencies, with proactive patching delivered on SLA-backed timelines. Critical vulnerabilities patched within 7 days of disclosure.
See SLAs (opens in a new tab)

Cryptographic signing

Every package is built on and distributed from SOC2-Type-II-compliant infrastructure, complete with cryptographic signatures for provenance. Verify provenance and integrity all the way down the supply chain.
More about FlakeBOM: Generate SBOMs using FlakeBOM

Generate SBOMs using FlakeBOM

Software Bills of Materials (SBOMs) are an emerging standard for supply chain security across domains. With Determinate Secure Packages, you get access to FlakeBOM, our lightning-fast CLI for generating SBOMs for Nix flakes in CycloneDX 1.5 format.
More about FlakeBOM
More about FlakeHub Cache: Full cache coverage in FlakeHub Cache

Full cache coverage in FlakeHub Cache

All covered packages are cached for all releases. That means no more cache misses, no rebuilding packages deep in the dependency tree, and no need to follow stable.
More about FlakeHub Cache (opens in a new tab)
More about FIPS from nist.gov: FIPS-compliant builds

FIPS-compliant builds

Access FIPS-140-2-compliant variants of Determinate Secure Packages geared towards organizations with strict U.S. federal regulatory requirements. Meet exacting compliance mandates without sacrificing the benefits of Nix's strong reproducibility guarantees.
More about FIPS from nist.gov (opens in a new tab)
Trust Center: SOC 2 Type II infrastructure

SOC 2 Type II infrastructure

Every package built and cached on audited, certified infrastructure. Satisfies the compliance questions your security team will ask before you ship.
Trust Center (opens in a new tab)
Docs: One-line migration

One-line migration

Replace Nixpkgs with a single URL change. Same 100,000+ packages, same API, same flake interface, with enterprise security behind every build.
Docs (opens in a new tab)
Tools

Supply chain tools included

Every Determinate Secure Packages subscription includes access to FlakeBOM and FlakeAudit, our tools for generating and auditing SBOMs across your supply chain.

  • Secure Packages documentation

    Secure Packages documentation (opens in a new tab)

    The full guide to adopting Determinate Secure Packages, from one-line migration to CVE reports and SBOMs.

  • Introducing Determinate Secure Packages

    Introducing Determinate Secure Packages

    The announcement post on why we built a secure, curated Nixpkgs for the enterprise, and how it works.

  • Sneak peek webinar

    Sneak peek webinar (opens in a new tab)

    Luc Perkins introduces Determinate Secure Packages, from CVE monitoring and patching to CycloneDX SBOM generation.

  • Provenance and SBOMs webinar

    Provenance and SBOMs webinar (opens in a new tab)

    How verifiable build provenance and granular SBOMs turn reproducibility into real supply chain assurance.

determinate

The Determinate platform

Determinate Nix, FlakeHub, and Determinate Secure Packages are built to work together. Keep exploring what else the platform can do.