Github Action implementation of SLSA Provenance Generation
☆50Jun 29, 2026Updated last week
Alternatives and similar repositories for slsa-provenance-action
Users that are interested in slsa-provenance-action are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Nov 1, 2022Updated 3 years ago
- GitHub actions for the chainguard-images☆21Updated this week
- ☆57Jun 1, 2022Updated 4 years ago
- Integrates Spiffe and Vault to have secretless authentication☆100Updated this week
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆45Oct 30, 2023Updated 2 years ago
- Submit SBOMs to GitHub's dependency submission API☆19Dec 4, 2025Updated 7 months ago
- GitHub action to produce a SBOM report from a given Black Duck project☆12Feb 5, 2026Updated 5 months ago
- ☆11Nov 11, 2022Updated 3 years ago
- Generates SPDX bill-of-material files from a package input and license scan☆13Apr 15, 2024Updated 2 years ago
- create issues from a syndication feed (RSS or Atom).☆16Jun 22, 2026Updated 2 weeks ago
- Docker CI scripts☆12Nov 24, 2025Updated 7 months ago
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- A proof-of-concept SLSA provenance generator for Jenkins☆25Jul 29, 2024Updated last year
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆534Jun 29, 2026Updated last week
- Lambda function for verifying signed images in ECS☆38Mar 9, 2024Updated 2 years ago
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆369Jun 7, 2026Updated last month
- Helm charts for sigstore project☆92Jun 29, 2026Updated last week
- kubectl plugin for signing Kubernetes manifest YAML files with sigstore☆88May 28, 2026Updated last month
- A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.☆150Jun 5, 2026Updated last month
- Helm charts for verifying artifact attestations in Kubernetes☆24Jun 29, 2026Updated last week
- ☆259Jul 1, 2026Updated last week
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Language-agnostic SLSA provenance generation for Github Actions☆582Mar 29, 2026Updated 3 months ago
- Comparison of Chainguard Images to others☆21Updated this week
- Kubernetes in Docker on Travis-CI☆44Jul 5, 2019Updated 7 years ago
- K8S Operator for Rekor☆20Feb 23, 2023Updated 3 years ago
- Serverless Workshop☆16Dec 8, 2022Updated 3 years ago
- Dynamic GitHub Actions from Wolfi packages☆45May 5, 2026Updated 2 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆102Nov 10, 2025Updated 7 months ago
- ☆14Aug 21, 2025Updated 10 months ago
- To manage Docker Content Trust and Notary certificates☆13Updated this week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Takes a software bill of materials and outputs provenance, and activity data from trustypkg.dev☆11May 19, 2025Updated last year
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆115Jun 29, 2026Updated last week
- Overview of philips-labs helm charts☆16Jun 23, 2026Updated 2 weeks ago
- Monorepo for Identity Box☆20Aug 11, 2024Updated last year
- ☆14Nov 13, 2023Updated 2 years ago
- ☆13Dec 15, 2025Updated 6 months ago
- Organises Kubernetes manifests into a standard format☆16Dec 21, 2024Updated last year