slsa topic
slsa-github-generator
Language-agnostic SLSA provenance generation for GitHub Actions
ocistow
Stream, Mutate and Sign Images with AWS Lambda and ECR
python-package-template
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and relea...
slsa-provenance-action
GitHub Action implementation of SLSA Provenance Generation
image-layer-provenance
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
s3cme
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Software-Supply-Chain-Security
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the...
chainloop
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
macaron
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or che...
tejolote
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.