Supply Chain Integrity Model
☆106Jun 12, 2023Updated 2 years ago
Alternatives and similar repositories for scim
Users that are interested in scim are comparing it to the libraries listed below
Sorting:
- A CVRF CSAF Converter, taking care about OASIS specification.☆10Jun 4, 2025Updated 9 months ago
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆45Oct 30, 2023Updated 2 years ago
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆145Mar 13, 2026Updated last week
- Supply Chain Query Tool☆13May 25, 2022Updated 3 years ago
- This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.☆139Jul 12, 2022Updated 3 years ago
- A Java implementation of in-toto runlib☆11Jul 23, 2024Updated last year
- Red team tool that emulates the SolarWinds CI compromise attack vector.☆24Mar 15, 2024Updated 2 years ago
- ☆76Dec 10, 2025Updated 3 months ago
- Meeting materials☆19Feb 26, 2026Updated 3 weeks ago
- Community Specification 1.0☆74Feb 27, 2026Updated 3 weeks ago
- ☆22Nov 27, 2021Updated 4 years ago
- Scans SBOMs for vulnerabilities with Grype☆85Updated this week
- A community collection of security reviews of open source software components.☆98Feb 29, 2024Updated 2 years ago
- General sigstore community repo☆45Mar 4, 2026Updated 2 weeks ago
- Secvisogram is a web tool for creating and editing security advisories in the CSAF 2.0 format☆41Mar 12, 2026Updated last week
- Production grade Kubernetes controller for managing AWS Services using CRDs☆16Apr 8, 2020Updated 5 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆33Apr 22, 2025Updated 10 months ago
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- ☆102Sep 27, 2024Updated last year
- ☆11Apr 25, 2019Updated 6 years ago
- A rust implementation of in-toto☆36Feb 27, 2026Updated 3 weeks ago
- Repository for the CA/Browser Forum Code Signing Certificate Chartered Working Group☆29Jan 7, 2026Updated 2 months ago
- Project providing insights on the metaeffekt license database.☆12Feb 24, 2026Updated 3 weeks ago
- Supply-chain Levels for Software Artifacts☆1,823Mar 11, 2026Updated last week
- Hoppr Cop is a cli and python library that generates high quality vulnerability information from a cyclone-dx Software Bill of Materials …☆25Dec 16, 2024Updated last year
- A simple 'hello-world' app using SwiftGtk☆15Nov 27, 2020Updated 5 years ago
- Lockheed Martin developed utility to generate CycloneDX SBOMs for Linux distributions☆50Dec 2, 2025Updated 3 months ago
- Rust implementation of OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆28Jul 29, 2025Updated 7 months ago
- OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secon…☆211Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Nov 1, 2022Updated 3 years ago
- CDK app to setup an isolated AWS network to experiment with ways of exfiltrating data☆18Nov 18, 2021Updated 4 years ago
- Sigstore's Protocol Buffer specifications☆34Mar 12, 2026Updated last week
- Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dock…☆1,014Mar 12, 2024Updated 2 years ago
- ☆17Updated this week
- in-toto is a framework to protect supply chain integrity.☆981Mar 9, 2026Updated last week
- verify https assets with a public transparency log☆75Oct 28, 2021Updated 4 years ago
- The International FOSS Law Book, v.2 and onwards☆15Jan 17, 2022Updated 4 years ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆218Oct 21, 2025Updated 4 months ago
- Open Source Software Secure Supply Chain Framework☆239Oct 28, 2022Updated 3 years ago