stacklok / trusty-actionLinks
Trusty Dependency Risk Action
☆11Updated 7 months ago
Alternatives and similar repositories for trusty-action
Users that are interested in trusty-action are comparing it to the libraries listed below
Sorting:
- A repository containing example Minder rules and profiles☆23Updated 2 weeks ago
- A standard API specification for exchanging supply chain artifacts and intelligence☆84Updated 2 weeks ago
- Software Supply Chain Security Platform☆352Updated this week
- MKP is a Model Context Protocol (MCP) server for Kubernetes☆50Updated this week
- The security workflow engine!☆122Updated last week
- Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact pro…☆497Updated last week
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated last year
- Generate a score for your sbom to understand if it will actually be useful.☆233Updated last year
- ☆111Updated last week
- A tool to create, transform and attest VEX metadata☆155Updated this week
- Format agnostic SBOM tooling☆115Updated this week
- Working Group on Artificial Intelligence and Machine Learning (AI/ML) Security☆112Updated last month
- Throw a tag at it and it comes back with a checksum.☆150Updated this week
- A tool for preventing the installation of malicious npm and PyPI packages☆165Updated this week
- Runtime Security Solution for your CI/CD Pipeline☆109Updated 3 months ago
- A universal SBOM representation in protocol buffers☆300Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆99Updated last week
- kntrl is an eBPF based runtime agent that monitors and prevents anomalous behaviour defined by you on your pipeline. kntrl achieves this …☆119Updated last week
- A MCP server that provides web content fetching capabilities.☆19Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆67Updated last year
- Go implementation of witness☆37Updated this week
- sbomify is a product security artifact management platform.☆26Updated last week
- sigstore the hard way!☆117Updated last month
- Scan GitHub Actions Workflow logs for IOCs☆15Updated 3 weeks ago
- Portable , scalable , secure AI Agents☆74Updated last week
- A reading list for software supply-chain security.☆364Updated 2 years ago
- Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.☆19Updated 2 weeks ago
- ☆65Updated last year
- Visualizer for GUAC☆28Updated last month
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆137Updated last year