-
go-db-credential-refresh Public
Reconnecting, credential refreshing SQL DB driver adapter in Go
Go MIT License UpdatedDec 22, 2025 -
OSSC_DirtyDancing Public
Repo for examples from Open Source Security Con talk in Atlanta
Dockerfile Apache License 2.0 UpdatedNov 10, 2025 -
archivista-data-provider Public
Forked from testifysec/archivista-data-providerIntegrate OPA Gatekeeper's new ExternalData feature with witness to determine whether the images are valid by verifying them against a witness policy
Go Apache License 2.0 UpdatedOct 27, 2025 -
⚖️ The CNCF Technical Oversight Committee (TOC) is the technical governing body of the CNCF Foundation.
Go UpdatedSep 3, 2025 -
in-toto.io Public
Forked from in-toto/in-toto.ioThe in-toto website and documentation
SCSS UpdatedSep 2, 2025 -
friends Public
Forked from in-toto/friendsFriends of in-toto! A place to record integrations and adoptions of the in-toto specification.
Python UpdatedAug 27, 2025 -
go-witness Public
Forked from in-toto/go-witnessGo implementation of witness
Go Apache License 2.0 UpdatedAug 26, 2025 -
witness-run-action Public
Forked from testifysec/witness-run-actionJavaScript Apache License 2.0 UpdatedAug 6, 2025 -
typhoon Public
Forked from poseidon/typhoonMinimal and free Kubernetes distribution with Terraform
HCL MIT License UpdatedMay 16, 2025 -
security-assessments Public
Forked from ossf/security-assessmentsApache License 2.0 UpdatedApr 3, 2025 -
-
synology-csi Public
Forked from SynologyOpenSource/synology-csiGo Apache License 2.0 UpdatedMar 19, 2025 -
security-baseline Public
Forked from ossf/security-baselineGo Apache License 2.0 UpdatedFeb 18, 2025 -
wg-globalcyberpolicy Public
Forked from ossf/wg-globalcyberpolicyGlobal Cyber Policy Working Group
Apache License 2.0 UpdatedFeb 12, 2025 -
witness-webhook Public
Forked from testifysec/witness-webhookGo Apache License 2.0 UpdatedDec 9, 2024 -
archivista Public
Forked from in-toto/archivistaArchivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
Go Apache License 2.0 UpdatedDec 6, 2024 -
homebrew-core Public
Forked from Homebrew/homebrew-core🍻 Default formulae for the missing package manager for macOS (or Linux)
Ruby BSD 2-Clause "Simplified" License UpdatedDec 5, 2024 -
-
in-toto-community Public
Forked from in-toto/communityin-toto is a framework to secure the software supply chain.
UpdatedOct 30, 2024 -
witness Public
Forked from in-toto/witnessWitness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Go Apache License 2.0 UpdatedOct 1, 2024 -
specification Public
Forked from theupdateframework/specificationThe Update Framework specification
Python Other UpdatedMar 26, 2024 -
taps Public
Forked from theupdateframework/tapsTUF Augmentation Proposals (TAPs)
Other UpdatedMar 21, 2024 -
fulcio Public
Forked from sigstore/fulcioSigstore OIDC PKI
Go Apache License 2.0 UpdatedFeb 28, 2024 -
go-securesystemslib Public
Forked from secure-systems-lab/go-securesystemslibCryptographic and general-purpose routines for Golang Secure Systems Lab projects at NYU
Go MIT License UpdatedFeb 21, 2024 -
clomonitor Public
Forked from cncf/clomonitorCLOMonitor is a tool that periodically checks open source projects repositories to verify they meet certain project health best practices
TypeScript Apache License 2.0 UpdatedNov 16, 2023 -
-
cosign Public
Forked from sigstore/cosignContainer Signing
Go Apache License 2.0 UpdatedSep 12, 2023 -
people Public
Forked from cncf/peopleStores the data that will populate the various people listings on cncf.io
Makefile MIT License UpdatedFeb 24, 2023 -
community Public
Forked from sigstore/communityGeneral sigstore community repo
Apache License 2.0 UpdatedNov 2, 2022 -
ssc-reading-list Public
Forked from chainguard-dev/ssc-reading-listA reading list for software supply-chain security.
UpdatedMay 20, 2022
{{ message }}