Language-agnostic SLSA provenance generation for Github Actions
-
Updated
Sep 10, 2024 - Go
Language-agnostic SLSA provenance generation for Github Actions
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
Github Action implementation of SLSA Provenance Generation
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Developer-centric tool to secure your software supply chain.
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Azure DevOps Server development system segmentation best practices
A Lifesaver learning app for bronze proficiency level
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
Python project packaging for Meson.
SLSA level 3 action
Add a description, image, and links to the slsa topic page so that developers can more easily learn about it.
To associate your repository with the slsa topic, visit your repo's landing page and select "manage topics."