sethvargo / ratchet
A tool for securing CI/CD workflows with version pinning.
☆772 Updated 3 months ago
Related projects
Alternatives and complementary repositories for ratchet
- Keyless Git signing using Sigstore ☆943 Updated this week
- GitHub App to set and enforce security policies ☆1,254 Updated this week
- Open source compliance tool for development platforms. ☆286 Updated last year
- Network egress filtering and runtime security for GitHub-hosted and self-hosted runners ☆618 Updated last week
- git-xargs is a command-line tool (CLI) for making updates across multiple GitHub repositories with a single command. ☆949 Updated last week
- Evaluate source control (GitHub) security posture ☆249 Updated last year
- A simple tool to help apply changes across many GitHub repositories simultaneously ☆442 Updated this week
- Update multiple repositories with one command ☆893 Updated last week
- Valet helps facilitate the migration of Azure DevOps, CircleCI, GitLab CI, Jenkins, and Travis CI pipelines to GitHub Actions. ☆510 Updated last year
- Language-agnostic SLSA provenance generation for GitHub Actions ☆430 Updated this week
- A security layer for Git repositories ☆462 Updated this week
- A Declarative Dependency Management tool ☆575 Updated this week
- Build OCI images from APK packages directly without Dockerfile ☆1,199 Updated this week
- ☆613 Updated last month
- An anonymous & ephemeral Docker image registry ☆524 Updated last month
- Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices ☆515 Updated last month
- cdebug - a swiss army knife of container debugging ☆1,358 Updated last week
- Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities ☆827 Updated 2 weeks ago
- Sigstore OIDC PKI ☆651 Updated this week
- Software Supply Chain Transparency Log ☆895 Updated this week
- Publish from GitHub Actions using multi-factor authentication ☆276 Updated 3 weeks ago
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se… ☆962 Updated 2 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro… ☆413 Updated this week
- A GitHub App that enforces approval policies on pull requests ☆772 Updated this week
- A curated list of OPA related tools, frameworks and articles ☆786 Updated this week
- Public Chainguard Images ☆546 Updated this week
- 🧪 Run common networking tests against any site. ☆970 Updated 2 years ago
- Convert Kubernetes YAML to Golang ☆1,257 Updated last year
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm… ☆726 Updated 3 months ago