fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl where to grab the attestation from.
☆11Mar 19, 2026Updated this week
Alternatives and similar repositories for fatt
Users that are interested in fatt are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- GitHub actions for the chainguard-images☆21Mar 16, 2026Updated last week
- Docker CI scripts☆12Nov 24, 2025Updated 4 months ago
- ☆11Nov 11, 2022Updated 3 years ago
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- Generates SPDX bill-of-material files from a package input and license scan☆13Apr 15, 2024Updated last year
- Monorepo for Identity Box☆20Aug 11, 2024Updated last year
- Overview of philips-labs helm charts☆17Updated this week
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- ☆58Jun 1, 2022Updated 3 years ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Jan 27, 2025Updated last year
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems☆13Sep 28, 2023Updated 2 years ago
- A java api and command line tool for scanning, reporting and fixing a git repository's InnerSource Readiness based on a supplied specific…☆20Sep 8, 2023Updated 2 years ago
- Run ORT in your GitHub action workflow to do licensing, security and best practices checks and generate reports/SBOMs☆33Feb 24, 2026Updated last month
- A proof-of-concept SLSA provenance generator for Jenkins☆24Jul 29, 2024Updated last year
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- Automated Terraform cloud and enterprise drift detection☆38Feb 11, 2026Updated last month
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- An example repo demonstrating keyless signing with Github Actions☆11May 24, 2022Updated 3 years ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Oct 24, 2022Updated 3 years ago
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- Transparenty Immutable Container Image Tags☆20Jul 5, 2023Updated 2 years ago
- sigstore installation walkthrough, local☆63Dec 8, 2025Updated 3 months ago
- rbenv plugin for chef-workstation☆16Oct 20, 2021Updated 4 years ago
- ☆11Jan 14, 2026Updated 2 months ago
- AWS ECR scanning slack notifications☆13Jul 19, 2023Updated 2 years ago
- playing music using the MRI gradient system☆15Oct 4, 2020Updated 5 years ago
- Integrates Spiffe and Vault to have secretless authentication☆99Updated this week
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- ☆255Mar 16, 2026Updated last week
- Crossplane provider for OpenStack resources☆13Jun 22, 2021Updated 4 years ago
- Specification and other related documents.☆50Jan 13, 2025Updated last year
- Basic integration of truffle and React front-end based on the create-react-app without resorting to the 'reject' mode.☆13Sep 6, 2018Updated 7 years ago
- Go beyond package manager discovery for SBOM☆18Feb 22, 2022Updated 4 years ago
- Lambda function for verifying signed images in ECS☆37Mar 9, 2024Updated 2 years ago
- ☆26Aug 31, 2023Updated 2 years ago
- Windows SSPI wrapper in prue python☆15Nov 29, 2023Updated 2 years ago
- ☆20Feb 5, 2026Updated last month
- Go implementation for CNAB content trust verification using TUF, Notary, and in-toto☆31Jul 5, 2023Updated 2 years ago