google / oss-rebuild
Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
☆637 Updated this week
Alternatives and similar repositories for oss-rebuild
Users that are interested in oss-rebuild are comparing it to the libraries listed below
- Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system… ☆340 Updated 3 weeks ago
- A security layer for Git repositories ☆539 Updated last week
- OSV-SCALIBR: A library for Software Composition Analysis ☆487 Updated this week
- Dockerfile formatter. a modern dockfmt. ☆533 Updated last week
- Globstar is a fast, feature-rich, and open-source static analysis toolkit for writing and running code checkers. Based on tree-sitter. ☆455 Updated 2 months ago
- Resources for the deps.dev API ☆336 Updated last week
- Kingfisher is a blazingly fast tool for secret detection and live validation across files, Git repos, S3, Jira, and Confluence ☆533 Updated this week
- ☆449 Updated this week
- like gofmt, but for jq ☆371 Updated last month
- ICANN implementation of the Registry Data Access Protocol (RDAP) ☆387 Updated last week
- Format agnostic SBOM tooling ☆116 Updated 2 weeks ago
- vet is a command-line tool that acts as a safety net for the risky curl | bash pattern. It lets you inspect, diff against previous versio… ☆950 Updated 2 weeks ago
- Declarative secrets, every environment, any provider. ☆240 Updated this week
- A GitHub App that acts like a Security Token Service (STS) for the Github API ☆219 Updated last week
- Protect against malicious open source packages 🤖 ☆691 Updated this week
- Verify provenance from SLSA compliant builders ☆281 Updated last month
- Validate the isolation posture of your container environment. ☆298 Updated 3 weeks ago
- Common Release Data for various projects in a consumable format, automatically updated. ☆177 Updated this week
- Programmatic sandboxing tool ☆248 Updated last week
- Extract +700 technologies from any repository. Detect Languages, SaaS, Cloud, Infrastructure, Dependencies and Services ☆355 Updated 2 months ago
- A universal SBOM representation in protocol buffers ☆298 Updated last week
- Common go library shared across sigstore services and clients ☆488 Updated this week
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an… ☆869 Updated last week
- Gonzo! The Go based TUI log analysis tool ☆1,055 Updated this week
- Software Supply Chain Security Platform ☆348 Updated last week
- OpenVEX Specification ☆156 Updated 3 months ago
- Throw a tag at it and it comes back with a checksum. ☆149 Updated this week
- hyperlight-wasm is a rust library crate that enables Wasm Modules and components to be run inside lightweight Virtual Machine backed Sand… ☆622 Updated this week
- #supply #chain #attack #detection ☆546 Updated this week
- You wouldn't Download an Ad. But you would block one. ☆130 Updated 2 months ago