slsa

Star

Here are 19 public repositories matching this topic...

slsa-framework / slsa-github-generator

Star

Language-agnostic SLSA provenance generation for Github Actions

security security-hardening security-tools slsa slsaprovenance

Updated Nov 4, 2024
Go

chainloop-dev / chainloop

Star

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry

Updated Nov 15, 2024
Go

mchmarny / s3cme

Star

Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance

provenance vulnerability oidc cosine attestation sbom slsa supply-chain-security

Updated Apr 23, 2024
Go

buildsafedev / bsf

Star

Developer-centric tool to secure your software supply chain.

nix reproducibility hacktoberfest slsa supply-chain-security

Updated Nov 14, 2024
Go

kubernetes-sigs / tejolote

Star

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

provenance attestation sbom slsa sigstore

Updated Nov 15, 2024
Go

philips-labs / slsa-provenance-action

Star

Github Action implementation of SLSA Provenance Generation

security provenance software-supply-chain hacktoberfest security-tools github-actions github-action in-toto slsa

Updated Nov 11, 2024
Go

deislabs / image-layer-provenance

Star

Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.

docker security security-audit containers container provenance oci oci-image vulnerability vulnerabilities cve vulnerability-management vulnerability-assessment containerization security-tools container-image oras slsa slsaprovenance

Updated Oct 30, 2023
Go

martinbaillie / ocistow

Sponsor

Star

Stream, Mutate and Sign Images with AWS Lambda and ECR

docker aws aws-lambda oci ecr supplychain slsa cosign sigstore

Updated Oct 28, 2021
Go

nais / salsa

Star

SLSA level 3 action

end-to-end ci-cd provenance integrity software-supply-chain artifact slsa software-artifact

Updated Apr 26, 2024
Go

mattermost / builder

Star

Mattermost builder

provenance mattermost cicd reproducible-builds slsa

Updated Jan 1, 2022
Go

GoogleCloudPlatform / aactl

Star

Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.

build container gcp import predicate artifact gcb sbom attestations slsa cosign sigstore

Updated Nov 14, 2024
Go

goreleaser / goreleaser-example-slsa-provenance

Star

A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance

goreleaser slsa slsa3 slsalevel3 slsa-generic-generator slsa-provenance slsa-framework

Updated Oct 26, 2023
Go

hashicorp / actions-go-build

Star

Define a reproducible Go build.

go build reproducible crt slsa

Updated Nov 4, 2024
Go

janfuhrer / podsalsa

Star

Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification

provenance ko goreleaser sbom slsa supply-chain-security cosign

Updated Oct 14, 2024
Go

GoTurkiye / goreleaser-supply-chain-example

Star

A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance

syft goreleaser sbom githubactions slsa grype cosign slsaprovenance