Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
☆60Mar 16, 2026Updated last week
Alternatives and similar repositories for example-supply-chain
Users that are interested in example-supply-chain are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Slack alert bot for matching Github Audit Events☆10Nov 12, 2024Updated last year
- A High-Availability distribution of Knative.☆20Mar 20, 2024Updated 2 years ago
- ☆24Updated this week
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- Various tools, images, etc. to support the Wolfi OSS project☆27Updated this week
- Template repository for testing CLI features of applications written in Go☆10Nov 14, 2021Updated 4 years ago
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- Example GRPC service☆11Feb 3, 2022Updated 4 years ago
- demo of keyless signing with the sigstore kubernetes policy controller☆11Sep 7, 2022Updated 3 years ago
- my goreleaser.yml files☆13Updated this week
- ☆20Feb 5, 2026Updated last month
- A utility to generate SPDX-compliant Bill of Materials manifests☆446Updated this week
- A single repo that shows terraform, terragrunt, helm & docker☆21Jun 8, 2022Updated 3 years ago
- Artifact Ratification Framework (CNCF Sandbox)☆287Mar 5, 2026Updated 2 weeks ago
- GitHub actions for the chainguard-images☆21Mar 16, 2026Updated last week
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆45Oct 30, 2023Updated 2 years ago
- General sigstore community repo☆45Mar 4, 2026Updated 2 weeks ago
- A collection of reusable Github Actions workflows.☆159Mar 17, 2026Updated last week
- A tool to create, transform and attest VEX metadata☆178Updated this week
- Build and deploy Go applications with Terraform☆31Mar 17, 2026Updated last week
- native go library for installation and management of apk packages☆31Jun 5, 2024Updated last year
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Updated this week
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆145Mar 13, 2026Updated last week
- Demo app duplicated in 5 languages (Go/JavaScript/Python/Ruby/Rust) showing how to go from source code to container image using melange+a…☆37Dec 24, 2023Updated 2 years ago
- Comparison of Chainguard Images to others☆21Updated this week
- ☆23Mar 13, 2023Updated 3 years ago
- Operator deploying the Observatorium project☆14May 14, 2024Updated last year
- Interfaces and implementations for building Kubernetes releases.☆19Updated this week
- Performing secure code review with LLMs (and vibe coding IDEs)☆36Aug 5, 2025Updated 7 months ago
- How small can a Java application container image be☆21Feb 17, 2023Updated 3 years ago
- Golang libraries for multi-cluster-aware Kubernetes clients, listers and informers.☆21Feb 26, 2026Updated 3 weeks ago
- Plugin for Helm to integrate the sigstore ecosystem☆68Updated this week
- Lambda function for verifying signed images in ECS☆37Mar 9, 2024Updated 2 years ago
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- Helper methods for Magefiles☆32Jan 17, 2023Updated 3 years ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- Sigstore OIDC PKI☆814Updated this week
- Webhook service for Kubernetes LDAP authentication with the Webhook Token authentication plugin☆10Jun 17, 2020Updated 5 years ago