5 results for “topic:slsaprovenance”
Language-agnostic SLSA provenance generation for GitHub Actions
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
A demonstration of how GoReleaser can help us make the software supply chain more secure by using a bunch of tools such as cosign, syft, grype, and slsa-provenance
🔒 Fail CI if dependencies in your lockfile lose npm provenance or trusted publisher status, enhancing the security of your projects.