slsa-framework/slsa

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/slsa-framework/slsa)

slsa-framework / slsa

Supply-chain Levels for Software Artifacts

☆1,823

Alternatives and similar repositories for slsa

Users that are interested in slsa are comparing it to the libraries listed below

Sorting:

in-toto / in-toto
View on GitHub
in-toto is a framework to protect supply chain integrity.
☆982Updated this week
guacsec / guac
View on GitHub
GUAC aggregates software security metadata into a high fidelity graph database.
☆1,454Updated this week
in-toto / attestation
View on GitHub
in-toto Attestation Framework
☆328Updated this week
slsa-framework / slsa-github-generator
View on GitHub
Language-agnostic SLSA provenance generation for Github Actions
☆554Mar 9, 2026Updated last week
ossf / scorecard
View on GitHub
OpenSSF Scorecard - Security health metrics for Open Source
☆5,315Updated this week
sigstore / cosign
View on GitHub
Code signing and transparency for containers and binaries
☆5,734Updated this week
slsa-framework / slsa-verifier
View on GitHub
Verify provenance from SLSA compliant builders
☆313Mar 9, 2026Updated last week
sigstore / rekor
View on GitHub
Software Supply Chain Transparency Log
☆1,100Updated this week
buildsec / frsca
View on GitHub
☆255Updated this week
in-toto / witness
View on GitHub
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…
☆519Updated this week
slsa-framework / github-actions-demo
View on GitHub
Proof-of-concept SLSA provenance generator for GitHub Actions
☆100Nov 1, 2022Updated 3 years ago
sigstore / fulcio
View on GitHub
Sigstore OIDC PKI
☆814Updated this week
cncf / tag-security
View on GitHub
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
☆2,258Dec 8, 2025Updated 3 months ago
slsa-framework / slsa-proposals
View on GitHub
SLSA Proposals
☆11Jan 29, 2024Updated 2 years ago
anchore / syft
View on GitHub
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
☆8,510Updated this week
tektoncd / chains
View on GitHub
Supply Chain Security in Tekton Pipelines
☆270Updated this week
ossf / wg-supply-chain-integrity
View on GitHub
Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the …
☆199Jan 15, 2026Updated 2 months ago
secure-systems-lab / dsse
View on GitHub
A specification for signing methods and formats used by Secure Systems Lab projects.
☆94Nov 10, 2025Updated 4 months ago
ossf / s2c2f
View on GitHub
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…
☆227May 26, 2025Updated 9 months ago
CycloneDX / specification
View on GitHub
OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reductio…
☆487Updated this week
ossf / allstar
View on GitHub
GitHub App to set and enforce security policies
☆1,394Updated this week
google / osv.dev
View on GitHub
Open source vulnerability DB and triage service.
☆2,530Updated this week
sigstore / gitsign
View on GitHub
Keyless Git signing using Sigstore
☆1,066Mar 9, 2026Updated last week
anchore / grype
View on GitHub
A vulnerability scanner for container images and filesystems
☆11,733Mar 13, 2026Updated last week
in-toto / in-toto-golang
View on GitHub
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
☆145Mar 13, 2026Updated last week
package-url / purl-spec
View on GitHub
A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby
☆998Updated this week
bomctl / bomctl
View on GitHub
Format agnostic SBOM tooling
☆133Nov 20, 2025Updated 4 months ago
chainguard-dev / ssc-reading-list
View on GitHub
A reading list for software supply-chain security.
☆364Nov 21, 2022Updated 3 years ago
kubernetes-sigs / bom
View on GitHub
A utility to generate SPDX-compliant Bill of Materials manifests
☆446Mar 13, 2026Updated last week
SBOMit / specification
View on GitHub
☆76Dec 10, 2025Updated 3 months ago
aquasecurity / chain-bench
View on GitHub
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchm…
☆770Dec 11, 2024Updated last year
in-toto / demo
View on GitHub
Securing Alice's, Bob's and Carl's software supply chain using in-toto
☆105Feb 11, 2026Updated last month
aquasecurity / trivy
View on GitHub
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
☆33,205Updated this week
cilium / tetragon
View on GitHub
eBPF-based Security Observability and Runtime Enforcement
☆4,476Mar 14, 2026Updated last week
in-toto / archivista
View on GitHub
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…
☆108Updated this week
grafeas / grafeas
View on GitHub
Artifact Metadata API
☆1,564Mar 9, 2026Updated last week
DependencyTrack / dependency-track
View on GitHub
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supp…
☆3,666Updated this week
slsa-framework / governance
View on GitHub
SLSA implementation of Community Specification governance
☆24Jan 15, 2026Updated 2 months ago
bureado / awesome-software-supply-chain-security
View on GitHub
A compilation of resources in the software supply chain security domain, with emphasis on open source
☆349Updated this week