- Seattle, WA
- https://jmp.soy
- @bureado
Stars
Supply Chain Integrity Transparency and Trust ledger application using Confidential Consortium Framework (CCF)
A standard API specification for exchanging supply chain artifacts and intelligence
Potential WG on Artificial Intelligence and Machine Learning (AI/ML)
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A universal SBOM representation in protocol buffers
A Kubernetes controller and tool for one-way encrypted Secrets
Security risk analysis for Kubernetes resources
eBPF-based autoinstrumentation of web applications and network metrics
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
For engineers and security teams driving fast and secure software supply chains
Overlay is a browser extension helping developers evaluate open source packages before picking them
🧵 CLI tool for directly patching container images!
CLI for adding OCI annotations to existing registry artifacts
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
Open Source Software Secure Supply Chain Framework
Collection of tools for analyzing open source packages.
A repository of strace results for lots of packages.
Template scanner for security misconfiguration and best practices
Microsoft Security DevOps for GitHub Actions.