rustracer - a multi-threaded raytracer in pure rust

Python project packaging for Meson.

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

Library to create, verify, and evaluate policy for attestations on container images

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

Samples showing how to secure the supply chain for Java applications.

Developer-centric tool to secure your software supply chain.

Automate vulnerability triage which prioritizes remediation over discovery

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:

Github Action implementation of SLSA Provenance Generation

Language-agnostic SLSA provenance generation for Github Actions

Define a reproducible Go build.

Generates SBOMs remotely in a verifiable manner (SLSA Build L3)

An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.

⚡ Next.js storefront for high-performance eCommerce with AI features and one-click deployment

Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification

Really Simple Service Registry

A Jenkins plugin to create SLSA provenance attestations

Create SLSA Provenance from nix flake

Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.