Language-agnostic SLSA provenance generation for Github Actions
-
Updated
Oct 31, 2024 - Go
#
slsa
Here are 39 public repositories matching this topic...
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
security
open-source-licensing
compliance
license
spdx
attestation
devsecops
ospo
oss-compliance
sbom
in-toto
cyclonedx
slsa
supply-chain-security
sbom-distribution
slsa-provenance
metadata-platform
sbom-discovery
regulated-industry
-
Updated
Oct 31, 2024 - Go
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
python
docker
npm
gradle
maven
build-system
malware-analysis
cicd
integrity-protection
malware-detection
sbom
slsa
supply-chain-security
-
Updated
Nov 1, 2024 - Python
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
cncf
owasp
vex
vulnerability-management
software-security
dependency-management
sbom
attestations
slsa
open-source-security
supply-chain-security
supply-chain-attacks
software-supply-chain-security
openssf
software-bill-of-material
software-transparency
-
Updated
Jan 28, 2024
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
-
Updated
Apr 23, 2024 - Go
Developer-centric tool to secure your software supply chain.
-
Updated
Oct 10, 2024 - Go
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
-
Updated
Nov 1, 2024 - Go
Github Action implementation of SLSA Provenance Generation
security
provenance
software-supply-chain
hacktoberfest
security-tools
github-actions
github-action
in-toto
slsa
-
Updated
Oct 28, 2024 - Go
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
docker
security
security-audit
containers
container
provenance
oci
oci-image
vulnerability
vulnerabilities
cve
vulnerability-management
vulnerability-assessment
containerization
security-tools
container-image
oras
slsa
slsaprovenance
-
Updated
Oct 30, 2023 - Go
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
python
release-automation
python-package
reproducible-builds
security-automation
conventional-commits
secure-by-design
sbom
template-repository
slsa
slsaprovenance
-
Updated
Oct 28, 2024 - Makefile
Stream, Mutate and Sign Images with AWS Lambda and ECR
-
Updated
Oct 28, 2021 - Go
SLSA level 3 action
-
Updated
Apr 26, 2024 - Go
A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
-
Updated
Oct 26, 2023 - Go
boostsecurityio/supply-chain-research
-
Updated
Jan 9, 2023
Azure DevOps Server development system segmentation best practices
security-cheat-sheets
azure-devops
azure-devops-server
slsa
network-segmentation
supply-chain-security
devsecops-best-practices
cicd-segmentation
dsomm
-
Updated
Sep 20, 2022
Improve this page
Add a description, image, and links to the slsa topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the slsa topic, visit your repo's landing page and select "manage topics."