joshuagl
Work on software supply chain security standards and tools โ๏ธ๐ฆ (TUF) / ๐ (SLSA) / ๐ (in-toto) / โ๏ธ (Sigstore). Previously worked on OE/YP.
VerizonUK
Pinned Repositories
root-signing-staging
Staging TUF repository for Sigstore trust root
slsa
slsa
Supply-chain Levels for Software Artifacts
specification
The Update Framework specification
taps
TUF Augmentation Proposals (TAPs)
joshuagl's Repositories
joshuagl/slsa
joshuagl/root-signing-staging
Staging TUF repository for Sigstore trust root
joshuagl/attestation
ITE-6 Attestation Definitions
joshuagl/distro-tools-for-containers
A survey of linux distro tools to make container images
joshuagl/draft-birkholz-scitt-architecture
A specification including, problem statement, use cases, requirements, and architectural constituents for a Transparency Service in support of Supply Chain Integrity, Transparency, and Trust
joshuagl/flatcar-docs
Flatcar Container Linux Documentation (https://docs.flatcar-linux.org/)
joshuagl/foundation
โ๏ธโฎ๐ This repo contains several documents related to the operation of the CNCF. File non-technical issues related to CNCF here.
joshuagl/gitdm
๐Fork for tracking CNCF projects
joshuagl/go-tuf
Go implementation of The Update Framework (TUF)
joshuagl/governance
SLSA implementation of Community Specification governance
joshuagl/ITE
in-toto Enhancements
joshuagl/meson
The Meson Build System
joshuagl/ossindex-python
Python library for querying OSS Index
joshuagl/repository-service-tuf
Umbrella Repository Service for TUF
joshuagl/root-signing
joshuagl/s2c2f
The S2C2F SIG is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to securely consume Open Source Software (OSS) dependencies into the developerโs workflow.
joshuagl/sbom-know-how
A documentation to bring SBOMs know-how into one place, including specifications, tools and useful references.
joshuagl/securesystemslib
Cryptographic and general-purpose routines for Secure Systems Lab projects at NYU
joshuagl/sig-security
๐CNCF Special Interest Group on Security -- secure access, policy control, privacy, auditing, explainability and more!
joshuagl/sigstore-python
A codesigning tool for Python packages
joshuagl/slsa-github-generator
Language-agnostic SLSA provenance generation for Github Actions
joshuagl/slsa-proposals
SLSA Proposals
joshuagl/specification
The Update Framework specification
joshuagl/tac
Technical Advisory Council
joshuagl/taps
TUF Augmentation Proposals (TAPs)
joshuagl/theupdateframework.io
Website assets for TUF
joshuagl/tuf
A framework for securing software update systems
joshuagl/tutorial-base
Base repository which will be used for OSS Europe 2022 tutorial
joshuagl/wg-developer-identity
OpenSSF WG Developer Identity
joshuagl/wg-endusers
OpenSSF Endusers Working Group