slsa-framework / governance
SLSA implementation of Community Specification governance
☆21 Updated 2 months ago
Alternatives and similar repositories for governance
Users that are interested in governance are comparing it to the libraries listed below
- SLSA Proposals ☆10 Updated last year
- Website and API for OpenSSF Scorecard ☆24 Updated this week
- Utility for bulk image, license, package, and vulnerability discovery in containerized workloads on GCP. Includes CLI and Service with cus… ☆14 Updated last year
- Exploit Prediction Scoring System (EPSS) ☆27 Updated 3 years ago
- A proof-of-concept SLSA provenance generator for Jenkins ☆24 Updated 10 months ago
- Source for official CVE Program policy documents. ☆16 Updated last month
- SLSA Azure DevOps Pipelines Extension ☆30 Updated 10 months ago
- A best practice Docker image of Open edX ☆19 Updated last year
- Continuous Compliance makes it possible to enforce company policy on repositories. Continuous Compliance will automatically check your re… ☆21 Updated last year
- ☆15 Updated last month
- Decision trees generated via Graphviz to inform pragmatic threat modelling. ☆11 Updated 4 years ago
- vexctl is a tool to attest VEX impact statements ☆44 Updated 2 years ago
- Log monitor for Rekor to verify immutability and monitor entries ☆36 Updated last week
- Generate SBOMs with gh CLI ☆188 Updated 3 weeks ago
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts. ☆21 Updated 5 months ago
- ☆29 Updated last week
- ☆57 Updated 3 years ago
- ☆10 Updated last year
- The Open edX platform, the software that powers edX! ☆13 Updated 8 years ago
- Supply Chain Integrity Model ☆105 Updated 2 years ago
- ☆60 Updated 2 months ago
- Proof-of-concept SLSA provenance generator for GitHub Actions ☆100 Updated 2 years ago
- A CLI tool for creating secure by design/default source repos. ☆26 Updated 10 months ago
- Technical Advisory Council ☆126 Updated last week
- Compare vulnerability scanners results (to make them better!) ☆16 Updated this week
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form. ☆21 Updated 2 years ago
- The model for the information captured in SPDX version 3 standard. ☆85 Updated this week
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl… ☆10 Updated this week
- ☆62 Updated 11 months ago
- TUF repository for Sigstore trust root ☆105 Updated this week