spdx / sbom-landscapeLinks
SPDX SBOM Landscape
☆16Updated 2 years ago
Alternatives and similar repositories for sbom-landscape
Users that are interested in sbom-landscape are comparing it to the libraries listed below
Sorting:
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.☆65Updated this week
- depstat is a dependency analyzer for Go modules enabled projects. It runs as part of the Kubernetes CI pipeline to help evaluate dependen…☆36Updated 9 months ago
- Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.☆43Updated last year
- Service implementation for a Kubernetes Dynamic Webhook controller for interacting with Anchore☆65Updated this week
- ☆20Updated this week
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks☆32Updated 4 months ago
- SPDX Merge tool☆47Updated 4 months ago
- A Kubernetes-native Jenkins pipeline execution orchestrator.☆18Updated 5 months ago
- Linux agent used to submit realtime SBOMs and dependency usage information to EdgeBit☆14Updated 7 months ago
- Integrates Spiffe and Vault to have secretless authentication☆92Updated this week
- Go module to generate and transform VEX documents☆46Updated last week
- ☆20Updated 2 months ago
- To manage Docker Content Trust and Notary certificates☆13Updated last week
- ☆64Updated last year
- Sigstore user stories☆30Updated 2 years ago
- 🏆 CNCF Community Awards☆24Updated 3 months ago
- Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts☆16Updated this week
- CLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices☆136Updated last week
- ☆21Updated last month
- A CLI used to work with the Wolfi OSS project☆66Updated this week
- Simple example for using an in-cluster BuildKit instance for container builds☆19Updated 6 years ago
- vexctl is a tool to attest VEX impact statements☆45Updated 2 years ago
- Cloud Storage Kubernetes Operator with Go and Operator SDK☆12Updated 4 years ago
- Sigstore's Protocol Buffer specifications☆33Updated this week
- An query language and interactive tooling to work with SBOM data.☆14Updated 10 months ago
- A 'kubectl' plugin that provides insight into the topology of a Kubernetes cluster.☆35Updated 2 years ago
- Framework and scripts to create multiple Kubernetes clusters with kind (K8s in Docker) for local E2E testing and development.☆56Updated this week
- UI for zot registry☆13Updated last month
- Stuff to make standing up sigstore (esp. for testing) easier for e2e/integration testing.☆68Updated last week
- ☆57Updated 3 years ago