evryfs / sbom-dependency-submission-actionLinks
Submit SBOMs to GitHub's dependency submission API
☆14Updated 2 years ago
Alternatives and similar repositories for sbom-dependency-submission-action
Users that are interested in sbom-dependency-submission-action are comparing it to the libraries listed below
Sorting:
- GitHub Action for creating software bill of materials using Syft.☆200Updated this week
- Dynamic GitHub Actions from Wolfi packages☆44Updated 3 months ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆68Updated last week
- Github Action implementation of SLSA Provenance Generation☆50Updated last week
- Helm charts for sigstore project☆79Updated this week
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Updated 3 years ago
- Plugin for retrieving Dependencytrack metrics in Backstage☆20Updated 11 months ago
- Automating Compliance Tooling Project☆21Updated 3 years ago
- CLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices☆136Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Updated 2 years ago
- Trivy plugin for OCI referrers☆23Updated last year
- Helm charts for verifying artifact attestations in Kubernetes☆17Updated this week
- A tool to create, transform and attest VEX metadata☆152Updated this week
- nginx image demo☆19Updated last year
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆84Updated last month
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆65Updated this week
- Plugin for Helm to integrate the sigstore ecosystem☆65Updated 2 weeks ago
- Search an SBOM for licenses and the packages they belong to☆100Updated this week
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆43Updated last year
- SPDX Merge tool☆47Updated 4 months ago
- Generates SPDX bill-of-material files from a package input and license scan☆13Updated last year
- ☆57Updated 3 years ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Updated this week
- Utility that provides an API and CLI to identify licenses and legal terms☆51Updated last month
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆99Updated this week
- sbomasm: The Complete SBOM Management Toolkit☆75Updated this week
- GitHub actions for the chainguard-images☆20Updated 2 weeks ago
- Transparenty Immutable Container Image Tags☆20Updated 2 years ago
- Enrich SBOMs with data from third party services☆189Updated this week
- Cosign Github Action☆154Updated last week