9 results found Sort:

slsa-framework
slsa-github-generator slsa-framework
129
429
apache-2.0
15
Language-agnostic SLSA provenance generation for Github Actions
slsa security security-tools slsaprovenance security-hardening
Created 2022-03-28
1,035 commits to main branch, last one 8 days ago
chainloop-dev
chainloop chainloop-dev
27
372
apache-2.0
11
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security
Created 2023-03-06
984 commits to main branch, last one 13 hours ago
oracle
macaron oracle
22
135
upl-1.0
10
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...
npm cicd sbom slsa maven docker gradle python build-system malware-analysis malware-detection integrity-protection supply-chain-security
Created 2022-12-05
464 commits to main branch, last one about a month ago
vishalgarg-sec
Software-Supply-Chain-Security vishalgarg-sec
17
125
unknown
6
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
vex cncf sbom slsa owasp openssf attestations software-security open-source-security supply-chain-attacks dependency-management software-transparency supply-chain-security vulnerability-management software-bill-of-material software-supply-chain-security
Created 2023-07-28
88 commits to main branch, last one 9 months ago
mchmarny
s3cme mchmarny
10
92
apache-2.0
6
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
oidc sbom slsa cosine provenance attestation vulnerability supply-chain-security
Created 2023-01-12
330 commits to main branch, last one 9 months ago
buildsafedev
bsf buildsafedev
13
67
apache-2.0
3
Developer-centric tool to secure your software supply chain.
nix slsa hacktoberfest reproducibility supply-chain-security
Created 2024-05-31
291 commits to main branch, last one 27 days ago
kubernetes-sigs
tejolote kubernetes-sigs
9
56
apache-2.0
6
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
sbom slsa sigstore provenance attestation
Created 2022-07-09
803 commits to main branch, last one 2 hours ago
philips-labs
slsa-provenance-action philips-labs
18
47
mit
6
Github Action implementation of SLSA Provenance Generation
slsa in-toto security provenance github-action hacktoberfest github-actions security-tools software-supply-chain
Created 2021-09-13
531 commits to main branch, last one 2 days ago
deislabs
image-layer-provenance deislabs
2
41
mit
3
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
cve oci oras slsa docker security container oci-image containers provenance vulnerability security-audit security-tools slsaprovenance container-image vulnerabilities containerization vulnerability-assessment vulnerability-management
This repository has been archived (exclude archived)
Created 2022-08-05
24 commits to main branch, last one 2 years ago