slsa-framework / slsa-jenkins-generator
A proof-of-concept SLSA provenance generator for Jenkins
☆18Updated 3 months ago
Related projects ⓘ
Alternatives and complementary repositories for slsa-jenkins-generator
- A specification for signing methods and formats used by Secure Systems Lab projects.☆68Updated last month
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆30Updated 10 months ago
- Search Rekor for entries☆23Updated 3 months ago
- ☆61Updated 3 months ago
- Protocol Buffer specifications☆23Updated this week
- fatt tries to find any purl in your project by looking at predefined fields in the supported packages. These fields describe using a purl…☆10Updated last week
- Funding requests for project infrastructure, events, and consulting.☆16Updated last year
- ☆26Updated this week
- K8S Operator for Rekor☆20Updated last year
- Website for OmniBOR, reproducible identifiers & fine-grained build dependency tracking for software artifacts.☆21Updated 2 weeks ago
- SLSA Proposals☆9Updated 9 months ago
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Sigstore user stories☆29Updated last year
- A TUF repository and signing tool☆21Updated this week
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆15Updated this week
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆56Updated this week
- ☆18Updated 5 months ago
- GitHub actions for the chainguard-images☆17Updated 3 months ago
- SPDX Merge tool☆39Updated 2 months ago
- in-toto is a framework to secure the software supply chain.☆69Updated last week
- A CLI tool for creating secure by design/default source repos.☆24Updated 3 months ago
- A draft standard for communicating a cryptographic record of build inputs for software artifacts.☆23Updated 3 weeks ago
- TUF repository for Sigstore trust root☆88Updated this week
- Comparison of Chainguard Images to others☆17Updated this week
- An SBOM query language and associated utilities☆54Updated 9 months ago
- This tool allows using a SPIFFE JWT to authenticate to AWS APIs☆35Updated 5 months ago
- Helm Chart for deploying GUAC☆14Updated 3 months ago
- ☆21Updated last year
- Simple tool that allows you to detect imposter commits in GitHub Actions workflows.☆22Updated this week
- Automating Compliance Tooling Project☆20Updated 2 years ago