slsa

There are 36 repositories under slsa topic.

slsa-framework/slsa-github-generator
Language-agnostic SLSA provenance generation for Github Actions
Language:Go390 16 2.5k115
chainloop-dev/chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Language:Go328 9 33425
vishalgarg-sec/Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
115 6 012
oracle/macaron
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
Language:Python113 10 20318
kubernetes-sigs/tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Language:Go55 5 49
mchmarny/s3cme
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Language:Go46 4 78
philips-labs/slsa-provenance-action
Github Action implementation of SLSA Provenance Generation
Language:Go45 6 6518
deislabs/image-layer-provenance
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
Language:Go40 3 32
jenstroeger/python-package-template
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
Language:Makefile33 4 7311
buildsafedev/bsf
Developer-centric tool to secure your software supply chain.
Language:Go26 2 122
martinbaillie/ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
Language:Go18 3 01
albasystems/hello-slsa
Project that demonstrates the implementation of SLSA L3 with Github Workflows and Sigstore. Bonus: binary authorization with Kyverno.
Language:CUE13 0 01
mattermost/builder
Mattermost builder
Language:Go11 24 04
nais/salsa
SLSA level 3 action
Language:Go11 5 321
GoogleCloudPlatform/aactl
Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.
Language:Go9 15 185
goreleaser/goreleaser-example-slsa-provenance
A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
Language:Go9 2 01
ThomasVitale/supply-chain-security-java
Samples showing how to secure the supply chain for Java applications.
Language:Java9 2 02
boostsecurityio/supply-chain-research
boostsecurityio/supply-chain-research
7 8 00
hashicorp/actions-go-build
Define a reproducible Go build.
Language:Go6 8 113
sergiomarotco/Azure-DevOps-Server-segmentation-cheat-sheet
Azure DevOps Server development system segmentation best practices
6 2 15
edgebitio/sbom-server
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
Language:Rust5 3 21
jenkinsci/slsa-plugin
A Jenkins plugin to create SLSA provenance attestations
Language:Java5 4 01
GoTurkiye/goreleaser-supply-chain-example
A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance
Language:Go4 3 00
janfuhrer/podsalsa
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
Language:Go4 1 01
yandex-cloud-examples/yc-webinar-security-pipeline-2023
Материалы к вебинару «Как выстроить процесс безопасной разработки в Yandex Cloud».
4 4 01
andros21/rustracer
rustracer - a multi-threaded raytracer in pure rust
Language:Rust3 2 71
OZI-Project/OZI
Python project packaging for Meson.
Language:Python3 2 262
dominikwilkowski/bronzies
A Lifesaver learning app for bronze proficiency level
Language:JavaScript2 3 123
hi-artem/provenance-generator-buildkite-plugin
A proof-of-concept SLSA provenance generator for Buildkite.
Language:Go2 1 31
joinemm/nix-provenance
Create SLSA Provenance from nix flake
Language:Shell1 1 0
ensigniasec/upload-provenance
Ensignia Provenance Upload Action
Language:Go0 2 00
iamsnowyowl/Food-Delivery-System
Hamburger, Sandwitch, Coke, ---
Language:JavaScript0 1 00
nais/salsa-action
Sign and attest images
Language:Python0 1 00
trivialsec/triage-by-trivial-security
Your Comprehensive Vulnerability Management Tool
Language:Vue00
salrashid123/cosign_kaniko_cloud_build
Deterministic container hashes and container signing using Cosign, Kaniko and Google Cloud Build
Language:Dockerfile3 0
shenxianpeng/slsa-provenance-demo
SLSA generate and verify provenance demo
Language:Python1 0

slsa

slsa-framework/slsa-github-generator

chainloop-dev/chainloop

vishalgarg-sec/Software-Supply-Chain-Security

oracle/macaron

kubernetes-sigs/tejolote

mchmarny/s3cme

philips-labs/slsa-provenance-action

deislabs/image-layer-provenance

jenstroeger/python-package-template

buildsafedev/bsf

martinbaillie/ocistow

albasystems/hello-slsa

mattermost/builder

nais/salsa

GoogleCloudPlatform/aactl

goreleaser/goreleaser-example-slsa-provenance

ThomasVitale/supply-chain-security-java

boostsecurityio/supply-chain-research

hashicorp/actions-go-build

sergiomarotco/Azure-DevOps-Server-segmentation-cheat-sheet

edgebitio/sbom-server

jenkinsci/slsa-plugin

GoTurkiye/goreleaser-supply-chain-example

janfuhrer/podsalsa

yandex-cloud-examples/yc-webinar-security-pipeline-2023

andros21/rustracer

OZI-Project/OZI

dominikwilkowski/bronzies

hi-artem/provenance-generator-buildkite-plugin

joinemm/nix-provenance

ensigniasec/upload-provenance

iamsnowyowl/Food-Delivery-System

nais/salsa-action

trivialsec/triage-by-trivial-security

salrashid123/cosign_kaniko_cloud_build

shenxianpeng/slsa-provenance-demo