in-toto / community
in-toto is a framework to secure the software supply chain.
☆66Updated 2 months ago
Related projects: ⓘ
- A tool to create, transform and attest VEX metadata☆109Updated last week
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- ☆56Updated 2 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆57Updated this week
- Format agnostic SBOM tooling☆63Updated this week
- OpenVEX Specification☆125Updated 2 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆66Updated last week
- An SBOM query language and associated utilities☆54Updated 7 months ago
- Scans SBOMs for vulnerabilities with Grype☆79Updated last week
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆30Updated 8 months ago
- Runtime security plug to protect user containers☆64Updated this week
- ☆19Updated this week
- SPDX Merge tool☆39Updated last week
- ☆30Updated 4 months ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆86Updated 2 weeks ago
- Enrich SBOMs with data from third party services☆108Updated 3 weeks ago
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆123Updated last week
- Tornjak is a UI and management layer used for brokering human access to one or more SPIRE deployments☆74Updated this week
- A BOM repository server for distributing CycloneDX BOMs☆73Updated 6 months ago
- A CLI used to work with the Wolfi OSS project☆53Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Updated last year
- Integrates Spiffe and Vault to have secretless authentication☆82Updated last week
- sigstore the hard way!☆110Updated 4 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆41Updated last year
- ☆25Updated this week
- ☆14Updated 10 months ago
- Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures.☆58Updated 10 months ago
- A CLI tool for creating secure by design/default source repos.☆24Updated last month
- Kubernetes audit logging, when you don't control the control plane☆64Updated this week