slsa
There are 40 repositories under slsa topic.
slsa-framework/slsa-github-generator
Language-agnostic SLSA provenance generation for GitHub Actions
chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
oracle/macaron
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
vishalgarg-sec/Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
mchmarny/s3cme
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
buildsafedev/bsf
Developer-centric tool to secure your software supply chain.
kubernetes-sigs/tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
philips-labs/slsa-provenance-action
GitHub Action implementation of SLSA Provenance Generation
deislabs/image-layer-provenance
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
johnbillion/action-wordpress-plugin-attestation
GitHub Action to generate an attestation for the build provenance of a plugin ZIP file on WordPress.org
jenstroeger/python-package-template
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
martinbaillie/ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
Vulnetix/vulnetix
Automate vulnerability triage which prioritizes remediation over discovery
albasystems/hello-slsa
Project that demonstrates the implementation of SLSA L3 with GitHub Workflows and Sigstore. Bonus: binary authorization with Kyverno.
ThomasVitale/supply-chain-security-java
Samples showing how to secure the supply chain for Java applications.
mattermost/builder
Mattermost builder
nais/salsa
SLSA level 3 action
GoogleCloudPlatform/aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
goreleaser/example-slsa-provenance
Example project using SLSA 3 Generic Generator with GoReleaser
boostsecurityio/supply-chain-research
docker/attest
Library to create, verify, and evaluate policy for attestations on container images
sergiomarotco/Azure-DevOps-Server-segmentation-cheat-sheet
Azure DevOps Server development system segmentation best practices
hashicorp/actions-go-build
Define a reproducible Go build.
jenkinsci/slsa-plugin
A Jenkins plugin to create SLSA provenance attestations
edgebitio/sbom-server
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
janfuhrer/podsalsa
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification
GoTurkiye/goreleaser-supply-chain-example
A demonstration of how GoReleaser can help us make the software supply chain more secure by using a bunch of tools such as cosign, syft, grype, slsa-provenance
OZI-Project/OZI
Python project packaging for Meson.
yandex-cloud-examples/yc-webinar-security-pipeline-2023
Materials for the webinar "How to build a secure development process in Yandex Cloud".
andros21/rustracer
rustracer - a multi-threaded raytracer in pure Rust
dominikwilkowski/bronzies
A Lifesaver learning app for bronze proficiency level
hi-artem/provenance-generator-buildkite-plugin
A proof-of-concept SLSA provenance generator for Buildkite.
joinemm/nix-provenance-action
Create SLSA Provenance from nix flake
AEnguerrand/npm-publish-slsa-two-steps
Lab repository that demonstrates how to create provenance without using the npm CLI and publish a package to npmjs.com with an attached provenance file (not generated by the npm CLI)
ifIMust/srsr
Really Simple Service Registry
egolessengineer/Food-Delivery-System
Hamburger, Sandwich, Coke, ---