rewanthtammana / sigstore-the-easy-wayLinks
Software signing just got easier
☆20Updated last year
Alternatives and similar repositories for sigstore-the-easy-way
Users that are interested in sigstore-the-easy-way are comparing it to the libraries listed below
Sorting:
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- An SBOM query language and associated utilities☆54Updated last year
- Scans SBOMs for vulnerabilities with Grype☆85Updated this week
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆60Updated 2 years ago
- ☆56Updated last month
- Kubernetes admission webhook that uses cosign verify to check the subject and issuer of the image matches what you expect☆23Updated last week
- Trust Dexter to ensure that all your images are pinned by digest for better security☆30Updated last year
- a tool to audit the istio service mesh☆173Updated 3 years ago
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆24Updated 10 months ago
- SBOM Move - Automate build and transfer of SBOMs across systems☆24Updated 2 weeks ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆101Updated last week
- This is just a proof-of-concept project that aims to sign and verify container images using cosign and OPA (Open Policy Agent)☆63Updated 4 years ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- sigstore the hard way!☆117Updated 2 months ago
- Slack alert bot for matching Github Audit Events☆10Updated 11 months ago
- Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification☆69Updated last month
- (D)ocker(F)ile (C)onverter: CLI to convert Dockerfiles to use Chainguard Images and APKs in FROM and RUN lines etc.☆92Updated 3 weeks ago
- BadRobot - Operator Security Audit Tool☆223Updated this week
- in-toto is a framework to secure the software supply chain.☆71Updated 9 months ago
- Darkfiles finds orphaned files in container images and makes them to bad deeds☆42Updated 2 years ago
- Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures.☆67Updated last year
- K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy. The tool o…☆32Updated 2 years ago
- Securing Alice's, Bob's and Carl's software supply chain using in-toto☆98Updated 2 weeks ago
- Kubernetes audit logging, when you don't control the control plane☆85Updated last week
- ☆67Updated last year
- ☆27Updated 5 months ago
- This is a POC repository showing how a Kubernetes Admission Controller can be made irrelevant when verifying container image signatures☆12Updated 2 years ago
- Runtime security plug to protect user containers☆66Updated this week
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Updated 2 years ago
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆111Updated 9 months ago