sozercan / guac-ai-mole
Inspect and understand an organization's software supply chain using AI to enable stakeholders to make actionable decisions about software supply chain security
☆21 Updated last year
Alternatives and similar repositories for guac-ai-mole
Users that are interested in guac-ai-mole are comparing it to the libraries listed below
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks ☆33 Updated 7 months ago
- Visualizer for GUAC ☆28 Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so… ☆103 Updated last week
- ☆67 Updated last year
- Helm Chart for deploying GUAC ☆18 Updated 5 months ago
- A CLI tool for creating secure by design/default source repos. ☆28 Updated last year
- General sigstore community repo ☆42 Updated this week
- Helm charts for sigstore project ☆82 Updated last week
- Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supp… ☆148 Updated this week
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing. ☆68 Updated this week
- Generate a score for your sbom to understand if it will actually be useful. ☆234 Updated last year
- ☆251 Updated 2 weeks ago
- Artifact Ratification Framework (CNCF Sandbox) ☆279 Updated this week
- CLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices ☆143 Updated this week
- Example CLI project to demo API architecture and protobom library ☆23 Updated 2 weeks ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs. ☆68 Updated this week
- Friends of in-toto! A place to record integrations and adoptions of the in-toto specification. ☆19 Updated last week
- sigstore installation walkthrough, local ☆62 Updated last year
- Enrich SBOMs with data from third party services ☆198 Updated 2 months ago
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆88 Updated last week
- A tool to create, transform and attest VEX metadata ☆164 Updated last week
- GitHub Action for creating software bill of materials using Syft. ☆209 Updated this week
- Cross tooling and interoperability specifications ☆174 Updated 6 months ago
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously… ☆215 Updated 5 months ago
- Go implementation of witness ☆41 Updated this week
- Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way. ☆33 Updated 2 years ago
- sigstore the hard way! ☆116 Updated 3 months ago
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin. ☆44 Updated 2 years ago
- ☆16 Updated last year
- ☆57 Updated 3 years ago