carabiner-dev / ampelLinks
π΄π‘π’ The Amazing Multipurpose Policy Engine (and L)
β38Updated last week
Alternatives and similar repositories for ampel
Users that are interested in ampel are comparing it to the libraries listed below
Sorting:
- A tool to create, transform and attest VEX metadataβ172Updated last week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for soβ¦β106Updated this week
- sigstore the hard way!β118Updated 6 months ago
- vexctl is a tool to attest VEX impact statementsβ45Updated 2 years ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.β71Updated last week
- Go implementation of witnessβ43Updated 2 weeks ago
- Scans SBOMs for vulnerabilities with Grypeβ85Updated last week
- sigstore installation walkthrough, localβ62Updated 2 months ago
- β255Updated 2 weeks ago
- β74Updated 2 months ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utilityβ60Updated 2 years ago
- β58Updated 3 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworksβ33Updated 9 months ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.β26Updated last year
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.β72Updated this week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable suppβ¦β153Updated last week
- β20Updated 8 months ago
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI toolsβ19Updated last week
- Format agnostic SBOM toolingβ131Updated 2 months ago
- Go module to generate and transform VEX documentsβ52Updated last week
- OpenVEX Specificationβ166Updated 3 weeks ago
- A specification for signing methods and formats used by Secure Systems Lab projects.β94Updated 3 months ago
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.β144Updated 2 weeks ago
- An SBOM query language and associated utilitiesβ55Updated 2 years ago
- β23Updated 4 years ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko geneβ¦β103Updated last year
- Securing Alice's, Bob's and Carl's software supply chain using in-totoβ104Updated last week
- An query language and interactive tooling to work with SBOM data.β15Updated last year
- An http proxy for reproducibility.β19Updated 3 years ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signaturesβ12Updated 3 years ago