slsa-framework / governance
SLSA implementation of Community Specification governance
☆16Updated 9 months ago
Related projects: ⓘ
- Website and API for OpenSSF Scorecard☆22Updated this week
- SLSA Azure DevOps Pipelines Extension☆23Updated last month
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated last year
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated last week
- Technical Advisory Council☆107Updated last week
- Generate SBOMs with gh CLI☆164Updated 9 months ago
- TUF repository for Sigstore trust root☆84Updated this week
- General sigstore community repo☆38Updated this week
- A specification for signing methods and formats used by Secure Systems Lab projects.☆66Updated last week
- OpenSSF Endusers Working Group☆28Updated 5 months ago
- ☆56Updated 2 years ago
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Simplify OpenSSF Scorecard tracking in your organization with automated markdown and JSON reports, plus optional GitHub issue alerts☆31Updated 2 months ago
- Markdown Version of the DHS/CISA Secure Software Development Self Attestation Form.☆20Updated last year
- ☆16Updated 4 months ago
- Compare vulnerability scanners results (to make them better!)☆14Updated this week
- ☆64Updated 4 months ago
- Github Action implementation of SLSA Provenance Generation☆47Updated 2 weeks ago
- Utility for bulk image, license, package, and vulnerability discovery in containerize workloads on GCP. Includes CLI and Service with cus…☆13Updated 7 months ago
- Slack alert bot for matching Github Audit Events☆10Updated 3 weeks ago
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆57Updated this week
- A tool to create, transform and attest VEX metadata☆109Updated last week
- Collect, curate, and communicate relevant security metrics for open source projects.☆63Updated 6 months ago
- TACOS framework structural details☆19Updated 9 months ago
- Git action to generate security lint report for Kubernetes workload YAML files on PR☆29Updated 2 years ago
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆10Updated 3 weeks ago
- ☆56Updated 2 months ago
- Supply Chain Integrity Model☆102Updated last year
- ☆51Updated 6 months ago
- A CLI tool for creating secure by design/default source repos.☆24Updated last month