Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
☆45Oct 30, 2023Updated 2 years ago
Alternatives and similar repositories for image-layer-provenance
Users that are interested in image-layer-provenance are comparing it to the libraries listed below
Sorting:
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- ☆31Updated this week
- Action to automatically open a new PR to the https://github.com/withfig/autocomplete repo☆12Sep 4, 2024Updated last year
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Jan 26, 2026Updated last month
- A Kubernetes admission controller driven by open-feature☆14Apr 3, 2023Updated 2 years ago
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- Search Rekor for entries☆39Updated this week
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- Comparison of Chainguard Images to others☆21Updated this week
- ☆14Jan 11, 2023Updated 3 years ago
- ☆29Aug 9, 2024Updated last year
- ☆58Jun 1, 2022Updated 3 years ago
- Kubernetes in Docker on Travis-CI☆44Jul 5, 2019Updated 6 years ago
- A trivial wrapper around spf13/cobra to simplify some basic patterns☆21Oct 23, 2023Updated 2 years ago
- BuildKit Syft scanner☆45Updated this week
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- How small can a Java application container image be☆21Feb 17, 2023Updated 3 years ago
- A webhook to use CIVO DNS as a DNS issuer for cert-manager.☆21Mar 8, 2024Updated last year
- GitHub actions for the chainguard-images☆21Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Nov 1, 2022Updated 3 years ago
- ☆23Oct 26, 2021Updated 4 years ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆94Nov 10, 2025Updated 3 months ago
- nginx image demo☆19Sep 11, 2023Updated 2 years ago
- Simple example for using an in-cluster BuildKit instance for container builds☆19Mar 22, 2019Updated 6 years ago
- A single repo that shows terraform, terragrunt, helm & docker☆21Jun 8, 2022Updated 3 years ago
- Tool to convert CNAB bundle.json to OCI index☆57Updated this week
- For engineers and security teams driving fast and secure software supply chains☆85Feb 6, 2023Updated 3 years ago
- Lambda function for verifying signed images in ECS☆37Mar 9, 2024Updated last year
- Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations☆59Feb 23, 2026Updated last week
- sigstore installation walkthrough, local☆62Dec 8, 2025Updated 2 months ago
- Nyancat over SSH 🐱☆22Mar 26, 2025Updated 11 months ago
- Go implementation of witness☆45Updated this week
- A LSP server for Pulumi YAML☆25Feb 25, 2026Updated last week
- ☆49Feb 10, 2026Updated 3 weeks ago
- SLSA Proposals☆11Jan 29, 2024Updated 2 years ago
- ☆11Jan 14, 2026Updated last month
- An example repo demonstrating keyless signing with Github Actions☆11May 24, 2022Updated 3 years ago