vmware-archive / rules_oss_audit
The complexities of identifying and tracking open-source software (OSS) to comply with license requirements add friction to the development process and can result in product-release delays. At VMware, we solve this problem using Bazel to create an accurate bill of materials containing OSS and third-party packages during a build.
☆30 · Updated last year
Related projects:
- Securing open-source package ecosystems by originating, validating, and augmenting build attestations. ☆23 · Updated last week
- A specification for signing methods and formats used by Secure Systems Lab projects. ☆66 · Updated last week
- An http proxy for reproducibility. ☆19 · Updated last year
- Protocol Buffer specifications ☆22 · Updated this week
- Umbrella Repository Service for TUF ☆39 · Updated this week
- A non-interactive daemon for host management ☆94 · Updated this week
- Go library for Sigstore signing and verification ☆43 · Updated this week
- Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks ☆30 · Updated 8 months ago
- A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs. ☆55 · Updated this week
- Go implementation of The Update Framework heavily influenced by python-tuf ☆13 · Updated 6 months ago
- Software Supply Chain Attribute Integrity (SCAI) Demos and CLI tools ☆18 · Updated last week
- Go module to generate and transform VEX documents ☆33 · Updated last week
- Darkfiles finds orphaned files in container images and makes them to bad deeds ☆41 · Updated last year
- Log monitor for Rekor to verify immutability and monitor entries ☆24 · Updated this week
- TUF repository for Sigstore trust root ☆84 · Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so… ☆57 · Updated this week
- 🔭 Secret discovery service (SDS): simplifying certificate management for relying parties (such as Envoy) ☆68 · Updated this week
- A sweet little formatter for YAML ☆19 · Updated last month
- bomsh is a collection of tools to explore the OmniBOR idea ☆21 · Updated 5 months ago
- K8S Operator for Rekor ☆20 · Updated last year
- Purpose-built security agent for hosted runners ☆28 · Updated last month
- A CLI used to work with the Wolfi OSS project ☆53 · Updated this week
- vault-auth-spire is an authentication plugin for Hashicorp Vault which allows logging into Vault using a Spire provided SVID. ☆41 · Updated last year
- Go modules related to OCI (Open Container Initiative) registries ☆23 · Updated last week
- Sigstore user stories ☆29 · Updated last year
- verify https assets with a public transparency log ☆75 · Updated 2 years ago
- A simple (experimental) tool for generating Kubernetes manifest from templates based on CUE ☆24 · Updated last year
- SPDX Merge tool ☆39 · Updated last week