10 results found Sort:

slsa-framework
slsa-github-generator slsa-framework
135
435
apache-2.0
15
Language-agnostic SLSA provenance generation for Github Actions
slsa security security-tools slsaprovenance security-hardening
Created 2022-03-28
1,042 commits to main branch, last one 4 days ago
chainloop-dev
chainloop chainloop-dev
30
378
apache-2.0
11
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security
Created 2023-03-06
1,141 commits to main branch, last one a day ago
oracle
macaron oracle
23
141
upl-1.0
10
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...
npm cicd sbom slsa maven docker gradle python build-system malware-analysis malware-detection integrity-protection supply-chain-security
Created 2022-12-05
500 commits to main branch, last one 25 days ago
vishalgarg-sec
Software-Supply-Chain-Security vishalgarg-sec
17
128
unknown
6
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
vex cncf sbom slsa owasp openssf attestations software-security open-source-security supply-chain-attacks dependency-management software-transparency supply-chain-security vulnerability-management software-bill-of-material software-supply-chain-security
Created 2023-07-28
88 commits to main branch, last one 10 months ago
mchmarny
s3cme mchmarny
10
98
apache-2.0
6
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
oidc sbom slsa cosine provenance attestation vulnerability supply-chain-security
Created 2023-01-12
330 commits to main branch, last one 10 months ago
buildsafedev
bsf buildsafedev
13
73
apache-2.0
3
Developer-centric tool to secure your software supply chain.
nix slsa hacktoberfest reproducibility supply-chain-security
Created 2024-05-31
301 commits to main branch, last one 4 days ago
kubernetes-sigs
tejolote kubernetes-sigs
9
58
apache-2.0
6
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
sbom slsa sigstore provenance attestation
Created 2022-07-09
840 commits to main branch, last one a day ago
philips-labs
slsa-provenance-action philips-labs
18
47
mit
6
Github Action implementation of SLSA Provenance Generation
slsa in-toto security provenance github-action hacktoberfest github-actions security-tools software-supply-chain
Created 2021-09-13
535 commits to main branch, last one 12 days ago
deislabs
image-layer-provenance deislabs
2
42
mit
3
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
cve oci oras slsa docker security container oci-image containers provenance vulnerability security-audit security-tools slsaprovenance container-image vulnerabilities containerization vulnerability-assessment vulnerability-management
This repository has been archived (exclude archived)
Created 2022-08-05
24 commits to main branch, last one 2 years ago
johnbillion
action-wordpress-plugin-attestation johnbillion
0
39
mit
3
GitHub Action to generate an attestation for the build provenance of a plugin ZIP file on WordPress.org
slsa wordpress github-actions supply-chain-security
Created 2024-11-15
59 commits to trunk branch, last one 23 hours ago