ossf / great-mfa-project
The Great Multi-Factor Authentication (MFA) Distribution Project of the Open Source Security Foundation (OpenSSF). We work to distribute hardware MFA tokens to critical open source software (OSS) projects.
☆54Updated 3 years ago
Alternatives and similar repositories for great-mfa-project:
Users that are interested in great-mfa-project are comparing it to the libraries listed below
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 2 weeks ago
- Technical Advisory Council☆116Updated last week
- Sigstore user stories☆29Updated last year
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆41Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects.☆70Updated 5 months ago
- TUF repository for Sigstore trust root☆96Updated this week
- ☆27Updated this week
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- OpenVEX Specification☆141Updated 7 months ago
- A CLI used to work with the Wolfi OSS project☆60Updated this week
- TACOS framework structural details☆20Updated last year
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆31Updated last year
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆119Updated 3 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆178Updated 11 months ago
- An SBOM query language and associated utilities☆54Updated last year
- Log monitor for Rekor to verify immutability and monitor entries☆30Updated this week
- OpenSSF Working Group on Securing Software Repositories☆97Updated 3 months ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆60Updated this week
- OPENSSF SECURITY INSIGHTS: Repository for development of the draft standard, where requests for modification should be made via Github Is…☆56Updated 3 weeks ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Updated 2 years ago
- ☆60Updated 6 months ago
- Specification and other related documents.☆44Updated last month
- verify https assets with a public transparency log☆75Updated 3 years ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆127Updated last year
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆79Updated this week
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated 11 months ago
- Go library for Sigstore signing and verification☆54Updated this week
- Visualizer for GUAC☆28Updated 3 weeks ago
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Updated last year