Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.
☆202Jan 15, 2026Updated 2 months ago
Alternatives and similar repositories for wg-supply-chain-integrity
Users that are interested in wg-supply-chain-integrity are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed co…☆223Apr 23, 2024Updated last year
- OpenSSF Security Tooling Working Group☆321Jul 6, 2025Updated 8 months ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆215Feb 4, 2026Updated last month
- Helping allocate resources to secure the critical open source projects we all depend on.☆389May 8, 2025Updated 10 months ago
- The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for ope…☆1,003Updated this week
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- OpenSSF Working Group on Securing Software Repositories☆128Dec 18, 2025Updated 3 months ago
- ☆76Dec 10, 2025Updated 3 months ago
- OpenSSF Project Template☆23Nov 29, 2023Updated 2 years ago
- A community collection of security reviews of open source software components.☆99Feb 29, 2024Updated 2 years ago
- Technical Advisory Council☆136Mar 18, 2026Updated last week
- Supply-chain Levels for Software Artifacts☆1,830Mar 11, 2026Updated 2 weeks ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆95Nov 10, 2025Updated 4 months ago
- ☆256Updated this week
- OpenSSF Governance and Legal Docs☆76Sep 9, 2025Updated 6 months ago
- NordVPN Threat Protection Pro™ • AdTake your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
- sigstore the hard way!☆118Aug 6, 2025Updated 7 months ago
- A universal SBOM representation in protocol buffers☆321Mar 2, 2026Updated 3 weeks ago
- SLSA implementation of Community Specification governance☆24Jan 15, 2026Updated 2 months ago
- GUAC aggregates software security metadata into a high fidelity graph database.☆1,462Updated this week
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 3 years ago
- ☆41Jul 9, 2020Updated 5 years ago
- OpenVEX Specification☆171Jan 16, 2026Updated 2 months ago
- An http proxy for reproducibility.☆19Jan 10, 2023Updated 3 years ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆105Feb 11, 2026Updated last month
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- Go implementation of The Update Framework heavily influenced by python-tuf☆14Mar 7, 2024Updated 2 years ago
- Collection of tools for analyzing open source packages.☆358Mar 9, 2026Updated 2 weeks ago
- Witness Examples☆12Feb 27, 2024Updated 2 years ago
- A documentation and tracking project with the goal of making package management systems more secure.☆51Mar 5, 2021Updated 5 years ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆106Updated this week
- Given a buildinfo file from a Debian package, generate instructions for attempting to reproduce the binary packages built from the associ…☆17Sep 24, 2022Updated 3 years ago
- Supply Chain Security in Tekton Pipelines☆270Updated this week
- Vuln Disclosure WG's new SIG☆11Jan 2, 2024Updated 2 years ago
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆76Updated this week
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- in-toto is a framework to protect supply chain integrity.☆987Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.☆33Apr 4, 2023Updated 2 years ago
- A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in suppo…☆14Feb 17, 2023Updated 3 years ago
- Automating Compliance Tooling Project☆22Jan 28, 2022Updated 4 years ago
- Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.☆21Mar 16, 2026Updated 2 weeks ago
- Software Supply Chain Transparency Log☆1,103Mar 23, 2026Updated last week
- Cryptographic and general-purpose routines for Golang Secure Systems Lab projects at NYU☆28Mar 12, 2026Updated 2 weeks ago