Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
☆45Oct 30, 2023Updated 2 years ago
Alternatives and similar repositories for image-layer-provenance
Users that are interested in image-layer-provenance are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- Meeting materials☆19Feb 26, 2026Updated 3 weeks ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Updated this week
- Kubernetes in Docker on Travis-CI☆44Jul 5, 2019Updated 6 years ago
- ☆29Aug 9, 2024Updated last year
- ☆14Jan 11, 2023Updated 3 years ago
- A trivial wrapper around spf13/cobra to simplify some basic patterns☆21Oct 23, 2023Updated 2 years ago
- ☆58Jun 1, 2022Updated 3 years ago
- Search Rekor for entries☆40Mar 6, 2026Updated 2 weeks ago
- Action to automatically open a new PR to the https://github.com/withfig/autocomplete repo☆13Sep 4, 2024Updated last year
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆145Mar 13, 2026Updated last week
- ☆11Apr 25, 2019Updated 6 years ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆94Nov 10, 2025Updated 4 months ago
- Comparison of Chainguard Images to others☆21Updated this week
- OCI transport plugin for apt-get (i.e., apt-get over ghcr.io)☆114Mar 16, 2026Updated last week
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- nginx image demo☆19Sep 11, 2023Updated 2 years ago
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- For engineers and security teams driving fast and secure software supply chains☆86Feb 6, 2023Updated 3 years ago
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- ☆15Updated this week
- ☆23Oct 26, 2021Updated 4 years ago
- BuildKit Syft scanner☆47Mar 17, 2026Updated last week
- A webhook to use CIVO DNS as a DNS issuer for cert-manager.☆21Mar 8, 2024Updated 2 years ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Nov 1, 2022Updated 3 years ago
- Tool to convert CNAB bundle.json to OCI index☆57Updated this week
- Design documents and interoperability tests for Interoperable RA-TLS projects☆13Jan 8, 2024Updated 2 years ago
- Unofficial Terraform provider for planetscale☆29May 14, 2022Updated 3 years ago
- Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations☆60Mar 16, 2026Updated last week
- Utility for bulk image, license, package, and vulnerability discovery in containerize workloads on GCP. Includes CLI and Service with cus…☆13Feb 15, 2024Updated 2 years ago
- A Java implementation of in-toto runlib☆11Jul 23, 2024Updated last year
- How small can a Java application container image be☆21Feb 17, 2023Updated 3 years ago
- ☆58Mar 16, 2026Updated last week
- Simple example for using an in-cluster BuildKit instance for container builds☆19Mar 22, 2019Updated 7 years ago
- Mango (man page generator) integration for Kong☆23Mar 6, 2026Updated 2 weeks ago
- ☆11Dec 27, 2023Updated 2 years ago
- deprecated, use https://github.com/octohelm/piper instead.☆14Sep 3, 2024Updated last year