Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
☆103Apr 23, 2024Updated last year
Alternatives and similar repositories for s3cme
Users that are interested in s3cme are comparing it to the libraries listed below
Sorting:
- ☆20Feb 5, 2026Updated last month
- How small can a Java application container image be☆21Feb 17, 2023Updated 3 years ago
- Throw a tag at it and it comes back with a checksum.☆156Updated this week
- sigstore installation walkthrough, local☆62Dec 8, 2025Updated 2 months ago
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆63Aug 4, 2021Updated 4 years ago
- A tool to audit Erlang & Elixir dependencies, to make sure your ✨ gleam projects really sparkle!☆23Jan 5, 2026Updated 2 months ago
- A Golang program to rotate AWS & GCP account keys☆67May 12, 2025Updated 9 months ago
- ☆29Aug 9, 2024Updated last year
- Terraform provider to perform OCI image operations☆15Updated this week
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Jan 26, 2026Updated last month
- #supply #chain #attack #detection☆646Updated this week
- ☆26Aug 31, 2023Updated 2 years ago
- A single repo that shows terraform, terragrunt, helm & docker☆21Jun 8, 2022Updated 3 years ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆26Dec 17, 2024Updated last year
- ☆11Nov 11, 2022Updated 3 years ago
- Kubernetes tools in a "distroless" container☆13Oct 30, 2023Updated 2 years ago
- Compares and analyzes GCP IAM roles.☆78Mar 9, 2025Updated 11 months ago
- Format agnostic SBOM tooling☆133Nov 20, 2025Updated 3 months ago
- ☆24May 1, 2024Updated last year
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Dec 21, 2022Updated 3 years ago
- Query all kubernetes clusters at once using a kubectl wrapper☆13Nov 30, 2020Updated 5 years ago
- A Go library for acquiring a forward-looking lock in Google Cloud Storage.☆15Mar 13, 2025Updated 11 months ago
- A library for representing OCI image layers in an abstract filesystem☆27Jul 9, 2020Updated 5 years ago
- ☆86Feb 4, 2026Updated last month
- 🧪 Correlate Semgrep scans with Python test coverage to prioritize SAST findings and get bug fix suggestions via a self-hosted LLM.☆42Dec 12, 2024Updated last year
- Comparison of Chainguard Images to others☆21Updated this week
- Utility for bulk image, license, package, and vulnerability discovery in containerize workloads on GCP. Includes CLI and Service with cus…☆13Feb 15, 2024Updated 2 years ago
- Generate a score for your sbom to understand if it will actually be useful.☆238Aug 13, 2024Updated last year
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆313Updated this week
- EKS NG AMI Updater is an open source project that can be used to update kubernetes node group images.☆28Feb 20, 2026Updated 2 weeks ago
- ☆76Oct 18, 2025Updated 4 months ago
- BadRobot - Operator Security Audit Tool☆225Feb 2, 2026Updated last month
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆73Updated this week
- Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations☆59Updated this week
- ☆13Jan 30, 2025Updated last year
- A place to systematically store software bill of materials (SBOM) documents.☆50Jun 1, 2023Updated 2 years ago
- native go library for installation and management of apk packages☆32Jun 5, 2024Updated last year
- The home for CloudNative.tv the definitive interactive media experience for learning and growing in cloud native☆37Sep 20, 2021Updated 4 years ago