Submit SBOMs to GitHub's dependency submission API
☆18 · Dec 4, 2025 · Updated 3 months ago
Alternatives and similar repositories for sbom-dependency-submission-action
Users that are interested in sbom-dependency-submission-action are comparing it to the libraries listed below
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl… ☆11 · Updated this week
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign ☆12 · Sep 15, 2021 · Updated 4 years ago
- Github Action implementation of SLSA Provenance Generation ☆50 · Updated this week
- SLSA level 3 action ☆11 · Apr 26, 2024 · Updated last year
- Kubernetes tools in a "distroless" container ☆13 · Oct 30, 2023 · Updated 2 years ago
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems ☆13 · Sep 28, 2023 · Updated 2 years ago
- Demo app duplicated in 5 languages (Go/JavaScript/Python/Ruby/Rust) showing how to go from source code to container image using melange+a… ☆37 · Dec 24, 2023 · Updated 2 years ago
- my goreleaser.yml files ☆13 · Updated this week
- To manage Docker Content Trust and Notary certificates ☆13 · Mar 2, 2026 · Updated last week
- Comparison of Chainguard Images to others ☆21 · Updated this week
- Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations ☆59 · Updated this week
- Simplify Kubernetes Secrets Management with Dockhand Secrets Operator ☆19 · Nov 24, 2025 · Updated 3 months ago
- Various tools, images, etc. to support the Wolfi OSS project ☆27 · Updated this week
- Docker CI scripts ☆12 · Nov 24, 2025 · Updated 3 months ago
- upload an SPDX 2.2 formatted SBOM to GitHub's dependency submission API ☆23 · Updated this week
- GitHub actions for the chainguard-images ☆21 · Updated this week
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin. ☆45 · Oct 30, 2023 · Updated 2 years ago
- Go beyond package manager discovery for SBOM ☆18 · Feb 22, 2022 · Updated 4 years ago
- Preview the gcloud api with fzf. ☆26 · Aug 17, 2024 · Updated last year
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs. ☆73 · Updated this week
- native go library for installation and management of apk packages ☆32 · Jun 5, 2024 · Updated last year
- Publish a signed build provenance from your GitHub Actions workflow ☆63 · May 21, 2024 · Updated last year
- Library to work with linux namespaces in go ☆34 · Jan 9, 2024 · Updated 2 years ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'… ☆33 · Oct 24, 2022 · Updated 3 years ago
- K8s simple Go app example deployed with k14s tools ☆31 · Jan 23, 2023 · Updated 3 years ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing. ☆75 · Updated this week
- This repository stores meetings minutes for the SPDX project ☆39 · Updated this week
- Helper methods for Magefiles ☆32 · Jan 17, 2023 · Updated 3 years ago
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity. ☆145 · Feb 27, 2026 · Updated last week
- Security risk analysis for Kubernetes resources ☆76 · Jan 23, 2025 · Updated last year
- Utility that converts SBOM documents from CycloneDX to SPDX ☆33 · Jan 19, 2024 · Updated 2 years ago
- Contains OPA Policies for Dockerfiles, Kubernetes YAMLs, Terraform, etc ☆33 · Jun 10, 2025 · Updated 8 months ago
- Demo repository showcasing how to use reusable workflows to build artifact attestations ☆14 · Feb 16, 2026 · Updated 3 weeks ago
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore ☆86 · Updated this week