ossf / great-mfa-projectLinks
The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute hardware MFA tokens to critical open source software (OSS) projects.
☆54Updated 3 years ago
Alternatives and similar repositories for great-mfa-project
Users that are interested in great-mfa-project are comparing it to the libraries listed below
Sorting:
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42Updated 2 years ago
- Technical Advisory Council☆131Updated 2 weeks ago
- TUF repository for Sigstore trust root☆109Updated this week
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- Sigstore user stories☆30Updated 2 years ago
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆33Updated 6 months ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Updated 2 years ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆87Updated last month
- verify https assets with a public transparency log☆75Updated 4 years ago
- Log monitor for Rekor to verify immutability and monitor entries☆39Updated last week
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆98Updated last week
- Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations☆58Updated this week
- ☆24Updated 2 years ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 9 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- ☆30Updated this week
- ☆11Updated last week
- A TUF repository and signing tool☆42Updated this week
- Go module to generate and transform VEX documents☆48Updated 2 weeks ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆130Updated 9 months ago
- ☆23Updated 2 years ago
- go library for processing container images and simulating a squash filesystem☆97Updated 2 weeks ago
- An access-limiting stateless GitHub API Proxy☆149Updated 3 years ago
- Specification and other related documents.☆49Updated 9 months ago
- K8S Operator for Rekor☆20Updated 2 years ago
- Witness Examples☆11Updated last year
- General sigstore community repo☆42Updated last week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆66Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆68Updated last week
- A CLI tool for creating secure by design/default source repos.☆28Updated last year