Python project packaging for Meson.
-
Updated
Jun 10, 2024 - Python
Python project packaging for Meson.
Your Comprehensive Vulnerability Management Tool
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Language-agnostic SLSA provenance generation for Github Actions
Github Action implementation of SLSA Provenance Generation
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or check conformance to frameworks, such as SLSA.
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
SLSA level 3 action
Create SLSA Provenance from nix flake
Материалы к вебинару «Как выстроить процесс безопасной разработки в Yandex Cloud».
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the web.
Add a description, image, and links to the slsa topic page so that developers can more easily learn about it.
To associate your repository with the slsa topic, visit your repo's landing page and select "manage topics."