slsa
There are 36 repositories under the slsa topic.
slsa-framework/slsa-github-generator
Language-agnostic SLSA provenance generation for GitHub Actions
chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
vishalgarg-sec/Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
oracle/macaron
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
kubernetes-sigs/tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
mchmarny/s3cme
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
philips-labs/slsa-provenance-action
GitHub Action implementation of SLSA Provenance Generation
deislabs/image-layer-provenance
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
jenstroeger/python-package-template
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
buildsafedev/bsf
Developer-centric tool to secure your software supply chain.
martinbaillie/ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
albasystems/hello-slsa
Project that demonstrates the implementation of SLSA L3 with GitHub Workflows and Sigstore. Bonus: binary authorization with Kyverno.
mattermost/builder
Mattermost builder
nais/salsa
SLSA level 3 action
GoogleCloudPlatform/aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
goreleaser/goreleaser-example-slsa-provenance
A demonstration of how to use the 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
ThomasVitale/supply-chain-security-java
Samples showing how to secure the supply chain for Java applications.
boostsecurityio/supply-chain-research
hashicorp/actions-go-build
Define a reproducible Go build.
sergiomarotco/Azure-DevOps-Server-segmentation-cheat-sheet
Azure DevOps Server development system segmentation best practices
edgebitio/sbom-server
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
jenkinsci/slsa-plugin
A Jenkins plugin to create SLSA provenance attestations
GoTurkiye/goreleaser-supply-chain-example
A demonstration of how GoReleaser can help us make the software supply chain more secure by using a bunch of tools such as cosign, syft, grype, slsa-provenance
janfuhrer/podsalsa
Sample Go application project with supply chain security workflows that conform to the SLSA Build Level 3 specification
yandex-cloud-examples/yc-webinar-security-pipeline-2023
Materials for the webinar "How to build a secure development process in Yandex Cloud".
andros21/rustracer
rustracer - a multi-threaded raytracer in pure rust
OZI-Project/OZI
Python project packaging for Meson.
dominikwilkowski/bronzies
A Lifesaver learning app for bronze proficiency level
hi-artem/provenance-generator-buildkite-plugin
A proof-of-concept SLSA provenance generator for Buildkite.
joinemm/nix-provenance
Create SLSA Provenance from nix flake
ensigniasec/upload-provenance
Ensignia Provenance Upload Action
iamsnowyowl/Food-Delivery-System
Hamburger, Sandwich, Coke, ---
nais/salsa-action
Sign and attest images
trivialsec/triage-by-trivial-security
Your Comprehensive Vulnerability Management Tool
salrashid123/cosign_kaniko_cloud_build
Deterministic container hashes and container signing using Cosign, Kaniko and Google Cloud Build
shenxianpeng/slsa-provenance-demo
SLSA generate and verify provenance demo