jenkinsci / in-toto-plugin
A Jenkins plugin to track steps and create in-toto link metadata
☆11Updated 9 months ago
Alternatives and similar repositories for in-toto-plugin:
Users that are interested in in-toto-plugin are comparing it to the libraries listed below
- Supply Chain Query Tool☆13Updated 2 years ago
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Updated last year
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆31Updated last year
- A curated list of awesome CNAB (Cloud Native Applications Bundles) | https://cnab.io/☆16Updated 4 years ago
- A proof-of-concept SLSA provenance generator for Jenkins☆21Updated 8 months ago
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆16Updated last month
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆62Updated this week
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆41Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects.☆75Updated 7 months ago
- This tool allows using a SPIFFE JWT to authenticate to AWS APIs☆34Updated 10 months ago
- Create a dedicated IaaS instance per Pod to mitigate container breakout (including CPU vulnerabilities depending on the instance type)☆22Updated 5 years ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆10Updated this week
- Mattermost builder☆11Updated 3 years ago
- ☆20Updated 8 months ago
- Sigstore user stories☆30Updated last year
- Pluggable generator for creating, using and sharing reusable templates that can be applied directly, generated into operator, helm chart …☆11Updated 3 years ago
- A library for representing OCI image layers in an abstract filesystem☆27Updated 4 years ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 2 months ago
- Kubernetes security scanner based on the open-source container vulnerability scanner Trivy.☆23Updated 4 years ago
- Transparenty Immutable Container Image Tags☆20Updated last year
- Go beyond package manager discovery for SBOM☆18Updated 3 years ago
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM☆23Updated 2 years ago
- Tool providing easy IAM setup on EKS for Amazon Managed Service for Prometheus (AMP) users.☆11Updated last year
- K8S Operator for Rekor☆20Updated 2 years ago
- Go module to generate and transform VEX documents☆39Updated last week
- ☆23Updated 3 years ago
- Lint your Rego policies inside of Visual Studio Code☆16Updated 10 months ago
- Sigstore's Protocol Buffer specifications☆28Updated this week
- Funding requests for project infrastructure, events, and consulting.☆17Updated last year