slsa-framework / example-package
☆17Updated this week
Related projects ⓘ
Alternatives and complementary repositories for example-package
- Go library for Sigstore signing and verification☆48Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆56Updated this week
- ☆30Updated 3 weeks ago
- ☆56Updated 2 years ago
- Proof-of-concept SLSA provenance generator for GitHub Actions☆99Updated 2 years ago
- Helm charts for sigstore project☆66Updated this week
- Helm Chart for deploying GUAC☆14Updated 3 months ago
- A TUF repository and signing tool☆22Updated this week
- TUF repository for Sigstore trust root☆90Updated this week
- Log monitor for Rekor to verify immutability and monitor entries☆26Updated this week
- Protocol Buffer specifications☆23Updated this week
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆15Updated last week
- Search Rekor for entries☆27Updated 4 months ago
- A GitHub Action used for publishing an Action to ghcr.io as an OCI container.☆40Updated 2 weeks ago
- Go library for Sigstore signing and verification☆16Updated last year
- A specification for signing methods and formats used by Secure Systems Lab projects.☆68Updated 2 months ago
- Github Action implementation of SLSA Provenance Generation☆47Updated this week
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆32Updated 4 months ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆73Updated this week
- Go implementation of The Update Framework heavily influenced by python-tuf☆13Updated 8 months ago
- Website and API for OpenSSF Scorecard☆22Updated this week
- Various tools, images, etc. to support the Wolfi OSS project☆19Updated this week
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆41Updated last year
- A tool that takes two or more micro SBOMs and composes them into one distributable SBOM☆23Updated last year
- A CLI used to work with the Wolfi OSS project☆57Updated this week
- native go library for installation and management of apk packages☆29Updated 5 months ago
- BuildKit Syft scanner☆26Updated 3 months ago
- Build and deploy Go applications with Terraform☆27Updated last week
- Sigstore user stories☆29Updated last year
- SLSA level 3 action☆11Updated 6 months ago