carabiner-dev / ampelLinks
π΄π‘π’ The Amazing Multipurpose Policy Engine (and L)
β36Updated this week
Alternatives and similar repositories for ampel
Users that are interested in ampel are comparing it to the libraries listed below
Sorting:
- sigstore the hard way!β116Updated 5 months ago
- A tool to create, transform and attest VEX metadataβ172Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.β70Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for soβ¦β106Updated last week
- Go implementation of witnessβ43Updated last week
- vexctl is a tool to attest VEX impact statementsβ45Updated 2 years ago
- sigstore installation walkthrough, localβ62Updated last month
- β58Updated 3 years ago
- β72Updated last month
- β254Updated this week
- Scans SBOMs for vulnerabilities with Grypeβ85Updated last week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable suppβ¦β153Updated 2 weeks ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utilityβ60Updated 2 years ago
- β20Updated 7 months ago
- An SBOM query language and associated utilitiesβ55Updated 2 years ago
- Format agnostic SBOM toolingβ131Updated 2 months ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.β26Updated last year
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworksβ33Updated 9 months ago
- β23Updated 4 years ago
- A specification for signing methods and formats used by Secure Systems Lab projects.β91Updated 2 months ago
- Log monitor for Rekor to verify immutability and monitor entriesβ45Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.β72Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"β67Updated 2 years ago
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI toolsβ19Updated this week
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.β144Updated last week
- General sigstore community repoβ44Updated last week
- Go module to generate and transform VEX documentsβ52Updated this week
- OpenVEX Specificationβ164Updated last week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko geneβ¦β103Updated last year
- π Rekor transparency log monitoring and alertingβ27Updated 2 years ago