chainguard-dev / clankLinks
Simple tool that allows you to detect imposter commits in GitHub Actions workflows.
☆25Updated 10 months ago
Alternatives and similar repositories for clank
Users that are interested in clank are comparing it to the libraries listed below
Sorting:
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- sigstore the hard way!☆116Updated 2 months ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆68Updated last week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆147Updated last week
- ☆20Updated 4 months ago
- Administrative tooling for Falco☆111Updated 2 weeks ago
- A tool to create, transform and attest VEX metadata☆161Updated this week
- An SBOM query language and associated utilities☆54Updated last year
- ☆74Updated 5 months ago
- Kubernetes audit logging, when you don't control the control plane☆88Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆101Updated this week
- Sneefer is a PoC project showing how to filter out irrelevent vulnerabilities from container image vulnerability scan results. It is base…☆26Updated 2 years ago
- Scans SBOMs for vulnerabilities with Grype☆85Updated last week
- Security configuration checks for popular cloud native applications and infrastructure.☆119Updated 3 years ago
- sigstore installation walkthrough, local☆63Updated last year
- ☆57Updated 3 years ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆103Updated last year
- a tool to audit the istio service mesh☆173Updated 4 years ago
- An query language and interactive tooling to work with SBOM data.☆14Updated last year
- A Github Action to automatically update digests for container images.☆78Updated 3 weeks ago
- Runtime security plug to protect user containers☆66Updated last week
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆85Updated 2 months ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆66Updated this week
- ☆23Updated 2 years ago
- ☆20Updated 4 months ago
- ☆56Updated last month
- A place for policy work group related proposals and prototypes.☆66Updated 5 months ago
- 🔍 Rekor transparency log monitoring and alerting☆27Updated 2 years ago
- A collection of reusable Github Actions workflows.☆146Updated this week