Alternatives and similar repositories for generate-build-provenance:

Users that are interested in generate-build-provenance are comparing it to the libraries listed below

• actions / publish-immutable-action
  A GitHub Action used for publishing an Action to ghcr.io as an OCI container.
  ☆63Updated 4 months ago
• actions / attest
  Action for generating attestations for workflow artifacts
  ☆44Updated last week
• github / dependency-submission-toolkit
  A TypeScript library for creating dependency snapshots.
  ☆46Updated last week
• actions / runner-container-hooks
  Runner Container Hooks for GitHub Actions
  ☆85Updated 4 months ago
• sigstore / sigstore-go
  Go library for Sigstore signing and verification
  ☆58Updated this week
• ossf / scorecard-action
  Official GitHub Action for OpenSSF Scorecard.
  ☆287Updated this week
• sigstore / sigstore-js
  Code-signing for npm packages
  ☆161Updated last week
• step-security / agent
  Purpose-built security agent for hosted runners
  ☆30Updated 7 months ago
• github / actions-oidc-debugger
  An Action for printing OIDC claims in GitHub Actions.
  ☆83Updated this week
• actions / partner-runner-images
  About GitHub Actions runner images provided by 3rd parties
  ☆106Updated last week
• github / dependabot-action
  Runs Dependabot Updates via GitHub Actions.
  ☆95Updated this week
• github / stale-repos
  Find stale repositories in a GitHub organization.
  ☆154Updated last week
• stacklok / frizbee
  Throw a tag at it and it comes back with a checksum.
  ☆114Updated this week
• crazy-max / ghaction-github-runtime
  GitHub Action to expose GitHub runtime to the workflow
  ☆69Updated 2 weeks ago
• sigstore / rekor-monitor
  Log monitor for Rekor to verify immutability and monitor entries
  ☆31Updated this week
• google / osv-scanner-action
  ☆20Updated this week
• fossas / fossa-action
  Find license compliance and security issues in your applications with FOSSA and GitHub Actions.
  ☆51Updated last month
• slsa-framework / slsa-verifier
  Verify provenance from SLSA compliant builders
  ☆249Updated 2 weeks ago
• sigstore / cosign-installer
  Cosign Github Action
  ☆140Updated 3 weeks ago
• github-community-projects / private-mirrors
  A GitHub App that allows you to contribute upstream using private mirrors of public projects
  ☆161Updated this week
• github / combine-prs
  GitHub Action to combine multiple PRs into a single one
  ☆121Updated 3 weeks ago
• docker / buildkit-syft-scanner
  BuildKit Syft scanner
  ☆29Updated last month
• actions / publish-action
  ☆44Updated last week
• sigstore / rekor-search-ui
  Search Rekor for entries
  ☆31Updated last week
• dependabot / fetch-metadata
  Extract information about the dependencies being updated by a Dependabot-generated PR.
  ☆209Updated last month
• anchore / sbom-action
  GitHub Action for creating software bill of materials using Syft.
  ☆176Updated 2 weeks ago
• microsoft / sarif-js-sdk
  JavaScript code and supporting files for working with the 'Static Analysis Results Interchange Format' (SARIF, see https://github.com/oas…
  ☆27Updated 9 months ago
• AkihiroSuda / gomodjail
  [Experimental] jail for Go modules
  ☆75Updated this week
• sigstore / root-signing
  TUF repository for Sigstore trust root
  ☆95Updated this week
• ossf / scorecard-monitor
  Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts
  ☆33Updated last month