defenseunicorns / go-oscalLinks
Repository for the generation of OSCAL data types
☆24Updated last week
Alternatives and similar repositories for go-oscal
Users that are interested in go-oscal are comparing it to the libraries listed below
Sorting:
- NIST OSCAL SDK and CLI☆19Updated 3 weeks ago
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- A tool to create, transform and attest VEX metadata☆155Updated last week
- Visualizer for GUAC☆28Updated 2 weeks ago
- ☆11Updated this week
- Go implementation of witness☆37Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆99Updated last week
- SBOM Move - Automate build and transfer of SBOMs across systems☆23Updated this week
- ☆16Updated last year
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- The Auditree framework tool to run compliance control checks as unit tests.☆71Updated last year
- OpenVEX Specification☆158Updated 3 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆21Updated 2 years ago
- Witness Examples☆11Updated last year
- The Compliance Validator☆184Updated 2 weeks ago
- An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.☆205Updated last week
- ☆57Updated 3 years ago
- ☆65Updated last year
- ☆114Updated last month
- Generate a score for your sbom to understand if it will actually be useful.☆233Updated last year
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Updated 2 years ago
- Various deployments of the OSCAL editor☆46Updated last year
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools☆18Updated this week
- TACOS framework structural details☆20Updated 4 months ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆102Updated this week
- Utility that provides an API and CLI to identify licenses and legal terms☆52Updated 2 months ago
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆141Updated last week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆68Updated this week
- Demo setup for compliance-trestle☆35Updated last week
- OSCAL reusable component definitions library☆12Updated 6 months ago