Determinate Systems
@determinate.systems
Bringing Nix ❄️ to the enterprise to empower fearless software delivery 💪 https://determinate.systems
(3/3) The best way to stay close to what’s coming (and help shape it) is to become a customer. Learn how in our launch blog post and reach out to us when you're ready to level up your Nix security and compliance game.
determinate.systems/blog/secure-...
determinate.systems/blog/secure-...
Introducing Determinate Secure Packages
A secure, signed, SLA-backed variant of Nixpkgs for teams who can't afford supply chain risk
determinate.systems
January 17, 2026 at 12:01 AM
(3/3) The best way to stay close to what’s coming (and help shape it) is to become a customer. Learn how in our launch blog post and reach out to us when you're ready to level up your Nix security and compliance game.
determinate.systems/blog/secure-...
determinate.systems/blog/secure-...
(2/3) Our Determinate Secure Package roadmap for 2026 and beyond is exciting and includes:
- More packages in the secure subset
- Malicious change analysis
- Excluding risky and sanctioned packages
- Security and compliance tool integrations
- More cryptography options beyond FIPS
- And more!
- More packages in the secure subset
- Malicious change analysis
- Excluding risky and sanctioned packages
- Security and compliance tool integrations
- More cryptography options beyond FIPS
- And more!
January 17, 2026 at 12:01 AM
(2/3) Our Determinate Secure Package roadmap for 2026 and beyond is exciting and includes:
- More packages in the secure subset
- Malicious change analysis
- Excluding risky and sanctioned packages
- Security and compliance tool integrations
- More cryptography options beyond FIPS
- And more!
- More packages in the secure subset
- Malicious change analysis
- Excluding risky and sanctioned packages
- Security and compliance tool integrations
- More cryptography options beyond FIPS
- And more!
Nix stays Nix. The risk profile changes. Your workload is lightened. Ready to get started? Learn how here: docs.determinate.systems/secure-packa...
Determinate Secure Packages | Determinate Systems
Secure, signed, auditable Nix packages that you can trust
docs.determinate.systems
January 15, 2026 at 9:40 PM
Nix stays Nix. The risk profile changes. Your workload is lightened. Ready to get started? Learn how here: docs.determinate.systems/secure-packa...
And through it all, nothing is taken away:
- A subset of packages undergoes heavy scrutiny but all of Nixpkgs remains available
- It’s a drop-in replacement, so all you need to do is change the flake reference
- You keep the same Nix workflows but eliminate numerous security unknowns
- A subset of packages undergoes heavy scrutiny but all of Nixpkgs remains available
- It’s a drop-in replacement, so all you need to do is change the flake reference
- You keep the same Nix workflows but eliminate numerous security unknowns
January 15, 2026 at 9:40 PM
And through it all, nothing is taken away:
- A subset of packages undergoes heavy scrutiny but all of Nixpkgs remains available
- It’s a drop-in replacement, so all you need to do is change the flake reference
- You keep the same Nix workflows but eliminate numerous security unknowns
- A subset of packages undergoes heavy scrutiny but all of Nixpkgs remains available
- It’s a drop-in replacement, so all you need to do is change the flake reference
- You keep the same Nix workflows but eliminate numerous security unknowns
...as well as:
- Explicit response SLAs for CVE remediation
- Packages built on SOC-2-Type-II-compliant infrastructure and cached in FlakeHub Cache
- Explicit response SLAs for CVE remediation
- Packages built on SOC-2-Type-II-compliant infrastructure and cached in FlakeHub Cache
January 15, 2026 at 9:40 PM
...as well as:
- Explicit response SLAs for CVE remediation
- Packages built on SOC-2-Type-II-compliant infrastructure and cached in FlakeHub Cache
- Explicit response SLAs for CVE remediation
- Packages built on SOC-2-Type-II-compliant infrastructure and cached in FlakeHub Cache
We're not changing how Nix works—we're absorbing the operational and security burden that you'd need to shoulder on your own. With DSP, you get:
- Per-release SBOMs in CycloneDX format for provenance
- Explicit response SLAs for CVE remediation
- Grype security scans multiple times a day
- Per-release SBOMs in CycloneDX format for provenance
- Explicit response SLAs for CVE remediation
- Grype security scans multiple times a day
January 15, 2026 at 9:40 PM
We're not changing how Nix works—we're absorbing the operational and security burden that you'd need to shoulder on your own. With DSP, you get:
- Per-release SBOMs in CycloneDX format for provenance
- Explicit response SLAs for CVE remediation
- Grype security scans multiple times a day
- Per-release SBOMs in CycloneDX format for provenance
- Explicit response SLAs for CVE remediation
- Grype security scans multiple times a day
(3/3) We want people to consider those things non-negotiable must-haves when it comes to organizational adoption. Time will tell on that, of course, and we're confident that this is a deeply fruitful direction for Nix and Nixpkgs.
January 14, 2026 at 6:12 PM
(3/3) We want people to consider those things non-negotiable must-haves when it comes to organizational adoption. Time will tell on that, of course, and we're confident that this is a deeply fruitful direction for Nix and Nixpkgs.
(2/3) We're hoping that it proves to be a watershed moment for Nix in the enterprise—not just for the splashier features (like SLAs for CVE remediation and FIPS support) but also for what it means for things like provenance, SBOMs, release diffs, secure infrastructure, and deep compliance-mindedness
January 14, 2026 at 6:12 PM
(2/3) We're hoping that it proves to be a watershed moment for Nix in the enterprise—not just for the splashier features (like SLAs for CVE remediation and FIPS support) but also for what it means for things like provenance, SBOMs, release diffs, secure infrastructure, and deep compliance-mindedness
At Determinate Systems, we’ve been hard at work on an industry-leading solution to this problem: Determinate Secure Packages 📦 ❄️ ✨. Stay tuned this week for a series of announcements 📣. Or check out our recent webinar for a sneak peek: luma.com/bq0phmmf
Sneak peek: Determinate Secure Packages · Zoom · Luma
We've been working on something pretty exciting and we're ready to pull back the curtains a bit. Join us for our next webinar where Luc Perkins will introduce…
luma.com
January 12, 2026 at 7:43 PM
At Determinate Systems, we’ve been hard at work on an industry-leading solution to this problem: Determinate Secure Packages 📦 ❄️ ✨. Stay tuned this week for a series of announcements 📣. Or check out our recent webinar for a sneak peek: luma.com/bq0phmmf
But if you’re a CSO or other security-minded decision maker, the picture isn’t quite so rosy 🥀. No SLAs dictating response time for CVEs. No SBOMs for provenance. All packages built and cached on community infrastructure. Packages often missing from the cache due to build failures.
Sneak peek: Determinate Secure Packages · Zoom · Luma
We've been working on something pretty exciting and we're ready to pull back the curtains a bit. Join us for our next webinar where Luc Perkins will introduce…
luma.com
January 12, 2026 at 7:43 PM
But if you’re a CSO or other security-minded decision maker, the picture isn’t quite so rosy 🥀. No SLAs dictating response time for CVEs. No SBOMs for provenance. All packages built and cached on community infrastructure. Packages often missing from the cache due to build failures.