evryfs / sbom-dependency-submission-actionView external linksLinks
Submit SBOMs to GitHub's dependency submission API
☆18Dec 4, 2025Updated 2 months ago
Alternatives and similar repositories for sbom-dependency-submission-action
Users that are interested in sbom-dependency-submission-action are comparing it to the libraries listed below
Sorting:
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Jan 26, 2026Updated 2 weeks ago
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems☆13Sep 28, 2023Updated 2 years ago
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- Kubernetes tools in a "distroless" container☆13Oct 30, 2023Updated 2 years ago
- ☆11Nov 11, 2022Updated 3 years ago
- Demo app duplicated in 5 languages (Go/JavaScript/Python/Ruby/Rust) showing how to go from source code to container image using melange+a…☆37Dec 24, 2023Updated 2 years ago
- my goreleaser.yml files☆13Feb 5, 2026Updated last week
- Comparison of Chainguard Images to others☆21Feb 9, 2026Updated last week
- To manage Docker Content Trust and Notary certificates☆13Updated this week
- Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations☆58Updated this week
- ☆58Jun 1, 2022Updated 3 years ago
- Simplify Kubernetes Secrets Management with Dockhand Secrets Operator☆18Nov 24, 2025Updated 2 months ago
- Docker CI scripts☆12Nov 24, 2025Updated 2 months ago
- upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API☆21Updated this week
- Various tools, images, etc. to support the Wolfi OSS project☆27Updated this week
- GitHub actions for the chainguard-images☆21Updated this week
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.�☆45Oct 30, 2023Updated 2 years ago
- ☆23Oct 26, 2021Updated 4 years ago
- ☆21Updated this week
- Go beyond package manager discovery for SBOM☆18Feb 22, 2022Updated 3 years ago
- ☆20Feb 5, 2026Updated last week
- Preview the gcloud api with fzf.☆26Aug 17, 2024Updated last year
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- native go library for installation and management of apk packages☆32Jun 5, 2024Updated last year
- Publish a signed build provenance from your GitHub Actions workflow☆63May 21, 2024Updated last year
- K8s simple Go app example deployed with k14s tools☆31Jan 23, 2023Updated 3 years ago
- Library to work with linux namespaces in go☆34Jan 9, 2024Updated 2 years ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Oct 24, 2022Updated 3 years ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆71Feb 6, 2026Updated last week
- This repository stores meetings minutes for the SPDX project☆37Updated this week
- Helper methods for Magefiles☆32Jan 17, 2023Updated 3 years ago
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆144Jan 23, 2026Updated 3 weeks ago
- Security risk analysis for Kubernetes resources☆76Jan 23, 2025Updated last year
- Contains OPA Policies for Dockerfiles, Kubernetes YAMLs, Terraform, etc☆33Jun 10, 2025Updated 8 months ago
- Utility that converts SBOM documents from CycloneDX to SPDX☆33Jan 19, 2024Updated 2 years ago
- Demo repository showcasing how to use reusable workflows to build artifact attestations☆13Feb 2, 2026Updated last week
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆85Feb 3, 2026Updated last week