Starred repositories
Repository for design and specification of the Component Model
A local data lake for open source package metadata
Sealed execution environment for GitHub Actions. Stop supply chain attacks dead in their tracks.
Detect large rooftop solar PV installations from Sentinel-2 imagery at country/state/province scale, and flag large buildings that have visible solar but no solar mapping in OSM
Jekyll plugin that emits standard.site verification artifacts
standalone, Kubernetes-native Software Bill of Materials (SBOM) visualization and governance platform
Examine a GH user's profile, to help quickly decide how much to invest in their contributions.
Every package has a version story — browse the version history of every Homebrew formula and cask.
Harden your package manager configs against supply chain attacks.
Solidity Package Manager written in rust and integrated into Foundry (forge soldeer ...)
Foundry is a blazing fast, portable and modular toolkit for Ethereum application development written in Rust.
rsync in Go! implements client and server, which can send or receive files (upload, download, all directions supported)
Source code of the X-Road® data exchange layer software
CI and hosting for nix-based, flakified github repos
Pin your GitHub Actions. Prick holes in their supply chain security.
A manifest of JS modules and their more modern/active replacements
A composite GitHub Action that turns conventional commits into a draft release PR, tags the PR on merge, and stages publishing to npm via OIDC trusted publishing.
Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://ecl…
A tool to analyse your SBOM data at the organization level, graphing your entire ecosystem, not just by project
Common Vendor Excuse & Evasion Enumeration (CV3) - A taxonomy of vendor dismissal patterns for legitimate vulnerability reports