Alternatives and similar repositories for compliance-to-policy-go

Users that are interested in compliance-to-policy-go are comparing it to the libraries listed below

• complytime / complyscribe
  A workflow automation tool for compliance content authoring
  ☆20Updated this week
• oscal-club / community
  The community area and documents about Code of Conduct.
  ☆18Updated 4 years ago
• oscal-compass / compliance-trestle
  An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
  ☆223Updated this week
• defenseunicorns-labs / lula1
  The Compliance Validator
  ☆184Updated last month
• ossf / gemara
  Minimizing rework for governance activities.
  ☆34Updated this week
• buildsec / frsca
  ☆253Updated this week
• GovTechSG / tech-standards
  ☆27Updated 3 months ago
• ossf / wg-orbit
  ORBIT: Open Resources for Baselines, Interoperability, and Tooling
  ☆20Updated last week
• httplock / httplock
  An http proxy for reproducibility.
  ☆19Updated 2 years ago
• RedHatProductSecurity / rapidast
  RapiDAST enables simple, continuous and fully automated application security testing
  ☆78Updated this week
• conforma / cli
  Conforma artifact verifier and policy checker
  ☆38Updated this week
• in-toto / archivista
  Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…
  ☆103Updated this week
• in-toto / witness
  Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
  ☆511Updated last week
• ossf / s2c2f
  The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…
  ☆221Updated 7 months ago
• spdx / ntia-conformance-checker
  Validate the SPDX SBOM against NTIA, CISA, and other minimum element requirements.
  ☆75Updated this week
• sigstore / community
  General sigstore community repo
  ☆44Updated last week
• openvex / vexctl
  A tool to create, transform and attest VEX metadata
  ☆169Updated this week
• sigstore / scaffolding
  Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.
  ☆70Updated last week
• RedHatProductSecurity / component-registry
  Component Registry (Corgi) aggregates component data across Red Hat's supported products, managed services, and internal product pipeline…
  ☆17Updated 11 months ago
• in-toto / ITE
  in-toto Enhancements
  ☆18Updated 10 months ago
• AevaOnline / supply-chain-synthesis
  Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.
  ☆33Updated 2 years ago
• repository-service-tuf / repository-service-tuf
  Umbrella Repository Service for TUF
  ☆57Updated last week
• GSA / fedramp-automation
  FedRAMP Automation
  ☆348Updated 8 months ago
• ossf / wg-supply-chain-integrity
  Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …
  ☆195Updated 3 weeks ago
• interlynk-io / sbomqs
  sbomqs: The Comprehensive SBOM Quality & Compliance Tool
  ☆258Updated last week
• openvex / spec
  OpenVEX Specification
  ☆164Updated 6 months ago
• nyph-infosec / daggerboard
  ☆102Updated last year
• in-toto / scai-demos
  Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools
  ☆18Updated last week
• eBay / sbom-scorecard
  Generate a score for your sbom to understand if it will actually be useful.
  ☆235Updated last year
• anchore / grant
  A license scanner for container images and filesystems.
  ☆127Updated this week