Alternatives and similar repositories for generate-build-provenance

Users that are interested in generate-build-provenance are comparing it to the libraries listed below

• actions / attest
  Action for generating attestations for workflow artifacts
  ☆52Updated last week
• github / actions-oidc-debugger
  An Action for printing OIDC claims in GitHub Actions.
  ☆96Updated last week
• ossf / scorecard-action
  Official GitHub Action for OpenSSF Scorecard.
  ☆311Updated last week
• slsa-framework / slsa-verifier
  Verify provenance from SLSA compliant builders
  ☆267Updated this week
• github / evergreen
  GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.ya…
  ☆200Updated last week
• sigstore / sigstore-js
  Code-signing for npm packages
  ☆164Updated last week
• sigstore / sigstore-go
  Go library for Sigstore signing and verification
  ☆71Updated last week
• actions / runner-container-hooks
  Runner Container Hooks for GitHub Actions
  ☆95Updated 2 weeks ago
• actions / partner-runner-images
  About GitHub Actions runner images provided by 3rd parties
  ☆133Updated last week
• stacklok / frizbee
  Throw a tag at it and it comes back with a checksum.
  ☆138Updated last week
• github-community-projects / private-mirrors
  A GitHub App that allows you to contribute upstream using private mirrors of public projects
  ☆163Updated 2 weeks ago
• google / osv-scanner-action
  ☆33Updated last week
• sigstore / cosign-installer
  Cosign Github Action
  ☆148Updated last week
• GitHubSecurityLab / actions-permissions
  GitHub token permissions Monitor and Advisor actions
  ☆315Updated last month
• actions / publish-immutable-action
  A GitHub Action used for publishing an Action to ghcr.io as an OCI container.
  ☆88Updated 2 weeks ago
• octo-sts / app
  A GitHub App that acts like a Security Token Service (STS) for the Github API
  ☆196Updated this week
• github / dependabot-action
  Runs Dependabot Updates via GitHub Actions.
  ☆100Updated this week
• sigstore / root-signing
  TUF repository for Sigstore trust root
  ☆105Updated this week
• github / dependency-submission-toolkit
  A TypeScript library for creating dependency snapshots.
  ☆48Updated last week
• sigstore / rekor-monitor
  Log monitor for Rekor to verify immutability and monitor entries
  ☆36Updated this week
• crazy-max / ghaction-github-runtime
  GitHub Action to expose GitHub runtime to the workflow
  ☆74Updated 2 weeks ago
• docker / buildkit-syft-scanner
  BuildKit Syft scanner
  ☆32Updated last month
• slsa-framework / slsa-github-generator
  Language-agnostic SLSA provenance generation for Github Actions
  ☆478Updated last month
• github / combine-prs
  GitHub Action to combine multiple PRs into a single one
  ☆129Updated 3 months ago
• step-security / secure-repo
  Orchestrate GitHub Actions Security
  ☆289Updated 2 weeks ago
• sigstore / rekor-search-ui
  Search Rekor for entries
  ☆34Updated 2 months ago
• slsa-framework / slsa-github-generator-go
  ☆57Updated 3 years ago
• codecov / codecov-cli
  Codecov's Command Line Interface. Used for uploading to Codecov in your CI, Test Labelling, Local Upload, and more
  ☆71Updated this week
• AkihiroSuda / gomodjail
  [Experimental] jail for Go modules
  ☆91Updated 2 weeks ago
• in-toto / attestation
  in-toto Attestation Framework
  ☆278Updated last week