Secure, signed, auditable Nix packages
Determinate Secure Packages is a commercially supported drop-in replacement for Nixpkgs. The same 100,000+ packages, with a 7-day CVE SLA, cryptographic signing, and SOC 2 Type II infrastructure behind every build.
Curated package subset
A hand-picked collection of packages from Nixpkgs' 100,000+ options, pre-vetted and built on secure infrastructure, with additional coverage available on demand.SLA-backed CVE remediation
Automated vulnerability scanning detects CVEs across your dependencies, with proactive patching delivered on SLA-backed timelines. Critical vulnerabilities patched within 7 days of disclosure.Cryptographic signing
Every package is built on and distributed from SOC2-Type-II-compliant infrastructure, complete with cryptographic signatures for provenance. Verify provenance and integrity all the way down the supply chain.Generate SBOMs using FlakeBOM
Software Bills of Materials (SBOMs) are an emerging standard for supply chain security across domains. With Determinate Secure Packages, you get access to FlakeBOM, our lightning-fast CLI for generating SBOMs for Nix flakes in CycloneDX 1.5 format.Full cache coverage in FlakeHub Cache
All covered packages are cached for all releases. That means no more cache misses, no rebuilding packages deep in the dependency tree, and no need to follow stable.FIPS-compliant builds
Access FIPS-140-2-compliant variants of Determinate Secure Packages geared towards organizations with strict U.S. federal regulatory requirements. Meet exacting compliance mandates without sacrificing the benefits of Nix's strong reproducibility guarantees.SOC 2 Type II infrastructure
Every package built and cached on audited, certified infrastructure. Satisfies the compliance questions your security team will ask before you ship.One-line migration
Replace Nixpkgs with a single URL change. Same 100,000+ packages, same API, same flake interface, with enterprise security behind every build.Supply chain tools included
Every Determinate Secure Packages subscription includes access to FlakeBOM and FlakeAudit, our tools for generating and auditing SBOMs across your supply chain.
- Learn more about FlakeBOM
FlakeBOM
Generate spec-compliant SBOMs from any Nix flake.
Learn more - Learn more about FlakeAuditComing soon
FlakeAudit
Audit SBOMs against custom policies and compare them with confidence.
Learn more
- Secure Packages documentation
Secure Packages documentation (opens in a new tab)
The full guide to adopting Determinate Secure Packages, from one-line migration to CVE reports and SBOMs.
- Introducing Determinate Secure Packages
Introducing Determinate Secure Packages
The announcement post on why we built a secure, curated Nixpkgs for the enterprise, and how it works.
- Sneak peek webinar
Sneak peek webinar (opens in a new tab)
Luc Perkins introduces Determinate Secure Packages, from CVE monitoring and patching to CycloneDX SBOM generation.
- Provenance and SBOMs webinar
Provenance and SBOMs webinar (opens in a new tab)
How verifiable build provenance and granular SBOMs turn reproducibility into real supply chain assurance.
The Determinate platform
Determinate Nix, FlakeHub, and Determinate Secure Packages are built to work together. Keep exploring what else the platform can do.
- Learn more about Determinate Nix
Determinate Nix
The secure, stable, validated distribution of Nix.
Learn more - Learn more about FlakeHub
FlakeHub
Privately cache Nix artifacts and share flakes.
Learn more
- Learn more about Enterprise Nix SupportLearn more
Enterprise Nix Support
Enterprise-grade support for simple, secure, and confident Nix.