Github Action implementation of SLSA Provenance Generation
☆50Mar 6, 2026Updated this week
Alternatives and similar repositories for slsa-provenance-action
Users that are interested in slsa-provenance-action are comparing it to the libraries listed below
Sorting:
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆11Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Nov 1, 2022Updated 3 years ago
- GitHub actions for the chainguard-images☆21Updated this week
- Submit SBOMs to GitHub's dependency submission API☆18Dec 4, 2025Updated 3 months ago
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆45Oct 30, 2023Updated 2 years ago
- A proof-of-concept SLSA provenance generator for Jenkins☆24Jul 29, 2024Updated last year
- Integrates Spiffe and Vault to have secretless authentication☆99Mar 2, 2026Updated last week
- ☆11Nov 11, 2022Updated 3 years ago
- SLSA level 3 action☆11Apr 26, 2024Updated last year
- A docker CLI plugin for verifying signed attestations on images☆13Oct 27, 2023Updated 2 years ago
- Lambda function for verifying signed images in ECS☆37Mar 9, 2024Updated 2 years ago
- Example repository that demonstrates a supply chain security workflow using Syft, Grype, Cosign☆12Sep 15, 2021Updated 4 years ago
- To manage Docker Content Trust and Notary certificates☆13Mar 2, 2026Updated last week
- Generates SPDX bill-of-material files from a package input and license scan☆13Apr 15, 2024Updated last year
- Comparison of Chainguard Images to others☆21Updated this week
- ☆58Jun 1, 2022Updated 3 years ago
- ☆20Mar 5, 2022Updated 4 years ago
- Docker CI scripts☆12Nov 24, 2025Updated 3 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects.☆94Nov 10, 2025Updated 3 months ago
- Open Policy Agent WebAssembly Go SDK☆21Jan 8, 2026Updated 2 months ago
- GitHub action to produce a SBOM report from a given Black Duck project☆12Feb 5, 2026Updated last month
- Pre-commit git hooks for Open Policy Agent (OPA) and Rego development☆68Jul 6, 2025Updated 8 months ago
- ☆255Mar 2, 2026Updated last week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆348Updated this week
- An example repo demonstrating keyless signing with Github Actions☆11May 24, 2022Updated 3 years ago
- Enable Falco to read audit logs from EKS☆11Dec 13, 2020Updated 5 years ago
- Repository characteristics☆14Updated this week
- Kubernetes in Docker on Travis-CI☆44Jul 5, 2019Updated 6 years ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆518Updated this week
- vexctl is a tool to attest VEX impact statements☆45Mar 27, 2023Updated 2 years ago
- A Kubewarden Policy that verifies all the signatures of the container images referenced by a Pod☆13Jan 20, 2026Updated last month
- Kubernetes tools in a "distroless" container☆13Oct 30, 2023Updated 2 years ago
- create issues from a syndication feed (RSS or Atom).☆14Feb 28, 2026Updated last week
- Linux agent used to submit realtime SBOMs and dependency usage information to EdgeBit☆15Jan 24, 2025Updated last year
- Build and publish Docker images, run builds/tasks within Docker containers or on remote hosts.☆16Mar 2, 2026Updated last week
- A kubectl plugin to run kubectl macro that wraps a set of kubectl calls into one command to be run many times.☆11Jun 28, 2021Updated 4 years ago
- Sharing software supply chain security open source projects☆53Dec 19, 2022Updated 3 years ago
- A practice repo to collect examples of using tekton with kubernetes☆11May 18, 2020Updated 5 years ago
- A configurable and flexible admission controller toolkit for Kubernetes built in Go and extensible with Go.☆13Sep 29, 2023Updated 2 years ago