slsa-framework / governanceLinks
SLSA implementation of Community Specification governance
☆22Updated 4 months ago
Alternatives and similar repositories for governance
Users that are interested in governance are comparing it to the libraries listed below
Sorting:
- Generate SBOMs with gh CLI☆191Updated 3 months ago
- Website and API for OpenSSF Scorecard☆24Updated this week
- SLSA Proposals☆10Updated last year
- Technical Advisory Council☆129Updated 2 weeks ago
- Supply Chain Integrity Model☆105Updated 2 years ago
- Scan GitHub Actions Workflow logs for IOCs☆15Updated this week
- General sigstore community repo☆41Updated last week
- Github Action implementation of SLSA Provenance Generation☆50Updated this week
- ☆114Updated 3 weeks ago
- Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …☆188Updated last year
- Utility for bulk image, license, package, and vulnerability discovery in containerize workloads on GCP. Includes CLI and Service with cus…☆13Updated last year
- Manage a uniform team of security managers for every organization in your enterprise☆18Updated last year
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 7 months ago
- Our mission is to catalyze sustainable improvements to critical open source software projects and ecosystems.☆107Updated last week
- Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your re…☆22Updated 3 weeks ago
- The OpenSSF Vulnerability Disclosures Working Group seeks to help improve the overall security of the open source software ecosystem by h…☆195Updated last month
- ☆16Updated 2 months ago
- A guide on coordinated vulnerability disclosure for open source projects. Includes templates for security policies (security.md) and disc…☆128Updated 7 months ago
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated last year
- Proof-of-concept SLSA provenance generator for GitHub Actions☆100Updated 2 years ago
- A proof-of-concept SLSA provenance generator for Jenkins☆23Updated last year
- Exploit Prediction Scoring System (EPSS)☆30Updated 3 years ago
- ☆121Updated last week
- An SBOM query language and associated utilities☆54Updated last year
- This repository contains a sample script which can be used to enable security vulnerability alerts in all of the repositories in a given …☆80Updated 11 months ago
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆33Updated 2 years ago
- Entitlements plugin for a robust audit log☆21Updated 2 weeks ago
- Evangelizing the mission and work of the OpenSSF and building strong community outreach around end-users, open-source maintainers, and co…☆22Updated last year
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- Synchronize GitHub Code Scanning alerts to Jira issues☆91Updated 2 weeks ago