☆16 · May 15, 2024 · Updated last year
Alternatives and similar repositories for controls-catalog
Users who are interested in controls-catalog are comparing it to the libraries listed below.
- A CLI tool for creating secure by design/default source repos. ☆28 · Jul 29, 2024 · Updated last year
- Supply Chain Query Tool ☆13 · May 25, 2022 · Updated 3 years ago
- 🥑 Inspect and understand an organization's software supply chain using AI to enable stakeholders to make actionable decisions about soft… ☆22 · Apr 15, 2024 · Updated last year
- A comprehensive framework and assessment toolkit for measuring and improving Cloud Native security maturity across 8 critical business fu… ☆10 · Jun 24, 2025 · Updated 8 months ago
- A functional type system for policy inspection, audit and enforcement. ☆13 · Aug 17, 2023 · Updated 2 years ago
- Threat Hunting at Scale: Auditing Thousands of Clusters With Falco + Fluent ☆12 · Aug 13, 2022 · Updated 3 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks ☆33 · Apr 22, 2025 · Updated 10 months ago
- Visualizer for GUAC ☆30 · Updated this week
- Helm Chart for deploying GUAC ☆18 · Updated this week
- A curated list of awesome SPIFFE and SPIRE related things ☆15 · Jul 29, 2024 · Updated last year
- A curated list of awesome CNAB (Cloud Native Applications Bundles) | https://cnab.io/ ☆16 · Dec 17, 2020 · Updated 5 years ago
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts ☆18 · Feb 6, 2026 · Updated 3 weeks ago
- An http proxy for reproducibility. ☆19 · Jan 10, 2023 · Updated 3 years ago
- [EXPERIMENTAL] Kubernetes Operator for Image Assurance ☆20 · Aug 11, 2020 · Updated 5 years ago
- ☆23 · Oct 26, 2021 · Updated 4 years ago
- ☆22 · Apr 6, 2024 · Updated last year
- Specification for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts. ☆26 · Nov 17, 2025 · Updated 3 months ago
- The Compliance Validator ☆184 · Updated this week
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity. ☆145 · Feb 13, 2026 · Updated 2 weeks ago
- ☆23 · Mar 13, 2023 · Updated 2 years ago
- Sigstore user stories ☆30 · Aug 25, 2023 · Updated 2 years ago
- ☆102 · Sep 27, 2024 · Updated last year
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so… ☆108 · Updated this week
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto ☆31 · Jul 5, 2023 · Updated 2 years ago
- Scripts to import OSCAL example content into the Neo4J graph database ☆32 · Jan 28, 2023 · Updated 3 years ago
- Trust Dexter to ensure that all your images are pinned by digest for better security ☆31 · Nov 8, 2023 · Updated 2 years ago
- Automated testing, generation & manipulation of #osquery packs ☆74 · Oct 16, 2024 · Updated last year
- Buildkit frontend to run Tekton objects locally as well as a tkn plugins ☆32 · Feb 20, 2026 · Updated last week
- Draft Measures Working Content Repository ☆10 · Apr 15, 2021 · Updated 4 years ago
- A docker container containing useful kubernetes tooling ☆52 · Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆33 · Apr 4, 2023 · Updated 2 years ago
- An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard. ☆234 · Updated this week
- Demo setup for compliance-trestle ☆37 · Jan 28, 2026 · Updated last month
- Demo repository showcasing how to use reusable workflows to build artifact attestations ☆14 · Feb 16, 2026 · Updated last week
- data-mesh-demo ☆13 · Apr 12, 2022 · Updated 3 years ago
- Log monitor for Rekor to verify immutability and monitor entries ☆47 · Updated this week
- Minimal container registry ☆41 · Feb 22, 2026 · Updated last week
- Consul and Kubernetes running on Docker https://shipyard.demo.gs/ ☆41 · May 25, 2021 · Updated 4 years ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds ☆42 · May 11, 2023 · Updated 2 years ago