sigstore / sigstore-js
Code-signing for npm packages
☆155Updated this week
Related projects: ⓘ
- TUF repository for Sigstore trust root☆84Updated this week
- GitHub Action for creating software bill of materials using Syft.☆162Updated this week
- Common go library shared across sigstore services and clients☆443Updated this week
- Purpose-built security agent for hosted runners☆28Updated last month
- Go library for Sigstore signing and verification☆43Updated this week
- in-toto Attestation Framework☆231Updated this week
- Supply Chain Security in Tekton Pipelines☆245Updated this week
- A specification for signing methods and formats used by Secure Systems Lab projects.☆66Updated last week
- General sigstore community repo☆38Updated this week
- Verify provenance from SLSA compliant builders☆223Updated 2 weeks ago
- ☆56Updated 2 years ago
- Publish a signed build provenance from your GitHub Actions workflow☆64Updated 3 months ago
- Orchestrate GitHub Actions Security☆255Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆57Updated this week
- Dynamic GitHub Actions from Wolfi packages☆41Updated 4 months ago
- Language-agnostic SLSA provenance generation for Github Actions☆413Updated last week
- Software Supply Chain Security Platform☆246Updated this week
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Updated last year
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp…☆123Updated last week
- Sigstore OIDC PKI☆641Updated this week
- Cosign Github Action☆119Updated last week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆31Updated 2 months ago
- A collection of reusable Github Actions workflows.☆115Updated this week
- Search Rekor for entries☆27Updated 2 months ago
- in-toto Enhancements☆19Updated 2 months ago
- Generate SBOMs with gh CLI☆164Updated 9 months ago
- ☆225Updated this week
- A CLI tool to sign and verify artifacts☆336Updated this week
- Software Supply Chain Transparency Log☆880Updated this week
- Github Action implementation of SLSA Provenance Generation☆47Updated 2 weeks ago