sethvargo / ratchetLinks
A tool for securing CI/CD workflows with version pinning.
☆843Updated last month
Alternatives and similar repositories for ratchet
Users that are interested in ratchet are comparing it to the libraries listed below
Sorting:
- Keyless Git signing using Sigstore☆1,011Updated last week
- git-xargs is a command-line tool (CLI) for making updates across multiple Github repositories with a single command.☆1,021Updated 2 weeks ago
- GitHub App to set and enforce security policies☆1,347Updated 2 weeks ago
- Open source compliance tool for development platforms.☆288Updated last year
- Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, an…☆859Updated last week
- A GitHub App that enforces approval policies on pull requests☆870Updated this week
- Evaluate source control (GitHub) security posture☆252Updated 2 years ago
- Language-agnostic SLSA provenance generation for Github Actions☆490Updated last month
- A Declarative Dependency Management tool☆776Updated this week
- Public Chainguard Images☆612Updated this week
- Automated changelog tool for preparing releases with lots of customization options☆783Updated this week
- Regal is a linter and language server for Rego, bringing your policy development experience to the next level!☆319Updated this week
- Build OCI images from APK packages directly without Dockerfile☆1,400Updated this week
- tfquery: Run SQL queries on your Terraform infrastructure. Query resources and analyze its configuration using a SQL-powered framework.☆325Updated 2 years ago
- Anchore container analysis and scan provided as a GitHub Action☆250Updated this week
- An anonymous & ephemeral Docker image registry☆640Updated 9 months ago
- A security layer for Git repositories☆536Updated this week
- 🧪 Run common networking tests against any site.☆1,019Updated 6 months ago
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆491Updated last week
- Valet helps facilitate the migration of Azure DevOps, CircleCI, GitLab CI, Jenkins, and Travis CI pipelines to GitHub Actions.☆508Updated 2 years ago
- Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices☆525Updated 2 weeks ago
- Update multiple repositories in with one command☆1,055Updated this week
- An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…☆754Updated 7 months ago
- GitHub Action for Dagger☆154Updated 4 months ago
- Convert Kubernetes YAML to Golang☆1,262Updated 2 years ago
- Regula checks infrastructure as code templates (Terraform, CloudFormation, k8s manifests) for AWS, Azure, Google Cloud, and Kubernetes se…☆964Updated 11 months ago
- Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities☆1,012Updated 3 weeks ago
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆213Updated this week
- Verify provenance from SLSA compliant builders☆275Updated last week
- 🐚 Hermit manages isolated, self-bootstrapping sets of tools in software projects.☆687Updated last week