Solscan Program Verification Status and Security.txt

Solscan displays additional metadata on Program pages to help users assess program integrity and security contact availability. Two indicators support this: Program Verification Status and Security.txt. Both appear in the More Info section of a program’s page and are derived from metadata published during program deployment.

Together, these features reinforce Solana’s open-source ethos by making source integrity and security disclosure information visible and accessible directly from the explorer.

Program Verification Status

The Program Verification status indicator shows whether the hash of the deployed on-chain program matches the hash generated from its published source code.

When verification is successful, it confirms that the executable running on-chain corresponds exactly to the referenced codebase. This comparison is enabled through verified build tooling developed by Ellipsis Labs and osec.io, which supports deterministic build reproduction for Solana programs.

On Solscan, the verification status (Verified or False) is displayed directly on the Program page. Users can click the external link icon to be redirected to the program’s GitHub repository, allowing immediate inspection of the source code associated with the verified build. This establishes a direct and traceable link between on-chain execution and off-chain source code.

Program Verification status indicator on Program page

Security.txt

Security.txt is a standardized file that allows program developers to publish security-related contact information and disclosure guidance as part of their program deployment.

When a program includes a published security.txt file, Solscan displays a True status on the Program page. Selecting this indicator redirects users to the Security tab, where the available contact details and security policy information are displayed.

By surfacing this metadata directly on Program pages, Solscan lowers the barrier for responsible disclosure and improves visibility into how security issues should be reported.

Security.txt status indicator on Program page

Where These Indicators Appear

Both Program Verification Status and Security.txt are visible on a program’s Program page, under the More Info section.

Below this section, Solscan provides two dedicated tabs:

Verification, which displays verification details and links to the program’s source repository

Verification tab

Security, which displays the contents of the published security.txt file, when available

Security tab

These tabs allow users to review verification and security information immediately, without leaving the Program page.

Why These Matter

Displaying program verification and security metadata directly on Solscan reinforces transparency at the explorer level. Verification status helps users confirm that on-chain programs align with their published source code, supporting reproducible builds and open-source accountability. Security.txt visibility establishes a clear and standardized channel for responsible vulnerability disclosure.

By integrating both signals into a widely used explorer interface, Solscan contributes meaningfully to the Solana ecosystem. These features reduce information asymmetry, encourage better security practices, and make open-source verification more accessible—not only to auditors and developers, but to all users interacting with on-chain programs.

Summary

Program Verification Status and Security.txt serve complementary roles on Solscan. One verifies source integrity, the other enables secure communication. Together, they promote open-source transparency and strengthen trust in Solana programs by making critical metadata visible where users already explore on-chain activity.