jenkinsci / in-toto-plugin
A Jenkins plugin to track steps and create in-toto link metadata
☆10Updated 9 months ago
Alternatives and similar repositories for in-toto-plugin:
Users that are interested in in-toto-plugin are comparing it to the libraries listed below
- Supply Chain Query Tool☆13Updated 2 years ago
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Updated last year
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆16Updated last week
- This tool allows using a SPIFFE JWT to authenticate to AWS APIs☆34Updated 9 months ago
- Sigstore user stories☆29Updated last year
- A proof-of-concept SLSA provenance generator for Jenkins☆20Updated 8 months ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆10Updated last week
- A specification for signing methods and formats used by Secure Systems Lab projects.☆73Updated 6 months ago
- vexctl is a tool to attest VEX impact statements☆44Updated 2 years ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆61Updated this week
- ☆23Updated 2 years ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆41Updated last year
- A curated list of awesome CNAB (Cloud Native Applications Bundles) | https://cnab.io/☆16Updated 4 years ago
- Funding requests for project infrastructure, events, and consulting.☆17Updated last year
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆31Updated last year
- Mattermost builder☆11Updated 3 years ago
- ☆32Updated 5 years ago
- ☆20Updated 8 months ago
- A docker CLI plugin for verifying signed attestations on images☆13Updated last year
- Github Action implementation of SLSA Provenance Generation☆47Updated this week
- Create a dedicated IaaS instance per Pod to mitigate container breakout (including CPU vulnerabilities depending on the instance type)☆22Updated 5 years ago
- An SBOM query language and associated utilities☆54Updated last year
- Helm Chart for deploying GUAC☆16Updated last week
- Specification and other related documents.☆45Updated 2 months ago
- K8S Operator for Rekor☆20Updated 2 years ago
- Comparison of Chainguard Images to others☆18Updated this week
- To manage Docker Content Trust and Notary certificates☆12Updated this week
- Various tools, images, etc. to support the Wolfi OSS project☆21Updated 2 weeks ago
- A library for representing OCI image layers in an abstract filesystem☆27Updated 4 years ago
- Lint your Rego policies inside of Visual Studio Code☆16Updated 9 months ago