fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl where to grab the attestation from.
☆11Jan 26, 2026Updated last month
Alternatives and similar repositories for fatt
Users that are interested in fatt are comparing it to the libraries listed below
Sorting:
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- ☆11Nov 11, 2022Updated 3 years ago
- Docker CI scripts☆12Nov 24, 2025Updated 3 months ago
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- GitHub actions for the chainguard-images☆21Updated this week
- A proof-of-concept SLSA provenance generator for Jenkins☆24Jul 29, 2024Updated last year
- ☆11Jan 14, 2026Updated last month
- An example repo demonstrating keyless signing with Github Actions☆11May 24, 2022Updated 3 years ago
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems☆13Sep 28, 2023Updated 2 years ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Oct 24, 2022Updated 3 years ago
- Demos and resources of the Istio + Gatekeeper talks at IstioCon 2022 and GitOpsCon 2022☆14Sep 4, 2023Updated 2 years ago
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- Crossplane provider for OpenStack resources☆13Jun 22, 2021Updated 4 years ago
- Overview of philips-labs helm charts☆17Feb 24, 2026Updated last week
- rbenv plugin for chef-workstation☆16Oct 20, 2021Updated 4 years ago
- Generates SPDX bill-of-material files from a package input and license scan☆13Apr 15, 2024Updated last year
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆72Updated this week
- sigstore installation walkthrough, local☆62Dec 8, 2025Updated 2 months ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Jan 27, 2025Updated last year
- ☆58Jun 1, 2022Updated 3 years ago
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆18Updated this week
- ☆15Mar 9, 2023Updated 2 years ago
- Lambda function for verifying signed images in ECS☆37Mar 9, 2024Updated last year
- Automated Terraform cloud and enterprise drift detection☆38Feb 11, 2026Updated 3 weeks ago
- Monorepo for Identity Box☆20Aug 11, 2024Updated last year
- How small can a Java application container image be☆21Feb 17, 2023Updated 3 years ago
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆45Oct 30, 2023Updated 2 years ago
- Go beyond package manager discovery for SBOM☆18Feb 22, 2022Updated 4 years ago
- in-toto Enhancements☆20Feb 17, 2025Updated last year
- ☆26Aug 31, 2023Updated 2 years ago
- A java api and command line tool for scanning, reporting and fixing a git repository's InnerSource Readiness based on a supplied specific…☆20Sep 8, 2023Updated 2 years ago
- ☆20Feb 5, 2026Updated 3 weeks ago
- Transparenty Immutable Container Image Tags☆20Jul 5, 2023Updated 2 years ago
- Specification and other related documents.☆50Jan 13, 2025Updated last year
- Lab environment to accompany Boundary Vault Integration Quickstart Learn tutorial.☆22Nov 25, 2024Updated last year
- ☆23Jan 16, 2025Updated last year
- ☆255Feb 23, 2026Updated last week