Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
☆59Feb 23, 2026Updated last week
Alternatives and similar repositories for example-supply-chain
Users that are interested in example-supply-chain are comparing it to the libraries listed below
Sorting:
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- A High-Availability distribution of Knative.☆20Mar 20, 2024Updated last year
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- ☆24Feb 17, 2026Updated 2 weeks ago
- Various tools, images, etc. to support the Wolfi OSS project☆27Updated this week
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- Template repository for testing CLI features of applications written in Go☆10Nov 14, 2021Updated 4 years ago
- demo of keyless signing with the sigstore kubernetes policy controller☆11Sep 7, 2022Updated 3 years ago
- Slack alert bot for matching Github Audit Events☆10Nov 12, 2024Updated last year
- A single repo that shows terraform, terragrunt, helm & docker☆21Jun 8, 2022Updated 3 years ago
- ☆20Feb 5, 2026Updated 3 weeks ago
- Example GRPC service☆11Feb 3, 2022Updated 4 years ago
- my goreleaser.yml files☆13Updated this week
- Comparison of Chainguard Images to others☆21Updated this week
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆45Oct 30, 2023Updated 2 years ago
- Talos in Kubernetes☆24Aug 20, 2024Updated last year
- native go library for installation and management of apk packages☆32Jun 5, 2024Updated last year
- Demo app duplicated in 5 languages (Go/JavaScript/Python/Ruby/Rust) showing how to go from source code to container image using melange+a…☆37Dec 24, 2023Updated 2 years ago
- How small can a Java application container image be☆21Feb 17, 2023Updated 3 years ago
- GitHub actions for the chainguard-images☆21Updated this week
- A collection of reusable Github Actions workflows.☆159Updated this week
- Trivy plugin for OCI referrers☆23May 13, 2024Updated last year
- nginx image demo☆19Sep 11, 2023Updated 2 years ago
- A utility to generate SPDX-compliant Bill of Materials manifests☆443Updated this week
- Golang libraries for multi-cluster-aware Kubernetes clients, listers and informers.☆21Feb 23, 2026Updated last week
- Transparenty Immutable Container Image Tags☆20Jul 5, 2023Updated 2 years ago
- Ephemeral Clusters as a Service with ClusterAPI and GitOps☆19May 14, 2023Updated 2 years ago
- Lambda function for verifying signed images in ECS☆37Mar 9, 2024Updated last year
- ☆35Nov 19, 2021Updated 4 years ago
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆160Updated this week
- A tool to create, transform and attest VEX metadata☆176Updated this week
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42May 11, 2023Updated 2 years ago
- sigstore installation walkthrough, local☆62Dec 8, 2025Updated 2 months ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- Sigstore user stories☆31Aug 25, 2023Updated 2 years ago
- ☆23Mar 13, 2023Updated 2 years ago
- Build multi-architecture container images on Google Cloud☆24Aug 6, 2024Updated last year
- Falco Rules helpers for VSCode☆12Jul 19, 2023Updated 2 years ago
- Dynamic GitHub Actions from Wolfi packages☆44May 15, 2025Updated 9 months ago