Language-agnostic SLSA provenance generation for Github Actions
-
Updated
Nov 20, 2024 - Go
Language-agnostic SLSA provenance generation for Github Actions
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Developer-centric tool to secure your software supply chain.
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Github Action implementation of SLSA Provenance Generation
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
Stream, Mutate and Sign Images with AWS Lambda and ECR
SLSA level 3 action
A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
Azure DevOps Server development system segmentation best practices
boostsecurityio/supply-chain-research
Add a description, image, and links to the slsa topic page so that developers can more easily learn about it.
To associate your repository with the slsa topic, visit your repo's landing page and select "manage topics."