google / oss-rebuildLinks
Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
☆42Updated this week
Alternatives and similar repositories for oss-rebuild
Users that are interested in oss-rebuild are comparing it to the libraries listed below
Sorting:
- A TUF repository and signing tool☆37Updated this week
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆31Updated 2 months ago
- ☆57Updated 3 years ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆79Updated 9 months ago
- TUF repository for Sigstore trust root☆105Updated this week
- Supply Chain Query Tool☆13Updated 3 years ago
- Signature Transparency Log designed for ease of use, low cost, and minimal maintenance☆15Updated last week
- ☆20Updated last week
- OpenVEX Specification☆151Updated 2 weeks ago
- Format agnostic SBOM tooling☆108Updated this week
- ☆10Updated last year
- A place to systematically store software bill of materials (SBOM) documents.☆46Updated 2 years ago
- TACOS framework structural details☆20Updated last month
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- ☆11Updated 4 months ago
- in-toto Enhancements☆19Updated 4 months ago
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Updated 2 years ago
- SPDX Merge tool☆45Updated 2 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 4 months ago
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools☆18Updated this week
- [Experimental] jail for Go modules☆91Updated 2 weeks ago
- Tool for collecting vulnerability data from various sources (used to build the grype database)☆99Updated this week
- Log monitor for Rekor to verify immutability and monitor entries☆36Updated this week
- ☆62Updated 11 months ago
- ☆26Updated 2 weeks ago
- Purpose-built security agent for hosted runners☆36Updated last month
- Go implementation of witness☆37Updated this week
- An Architecture for Trustworthy Digital Supply Chain Transparency Services☆13Updated this week
- A CLI tool for creating secure by design/default source repos.☆25Updated 10 months ago
- The model for the information captured in SPDX version 3 standard.☆85Updated this week