This code is still considered experimental: it should not be relied on for important stuff and breaking changes are to be expected.

Graduated

• gitverify - verify signatures and integrity of Git repositories

CLIs

• cmd/gitrelease - create tag and tag.link for a release
• cmd/githash - compute Git hashes with alternative hash functions
• cmd/gohash - compute the hashes of Go packages in Git repositories
• cmd/dsse - convenience CLI for DSSE files
• cmd/gitsearch - a multi-string, multi-git-repo, all history, exact/fuzzy searcher
• cmd/repofetch - fetch all repos for a GitHub user or org

Libraries

• search - the Trie based search that powers gitsearch
• gitkit - a collection Git related functionality, including searching through Git history
• gitsearch - ties together gitkit and search
• iana - used to get TLDs for typosquatting
• hashset - hashsets are used a lot in the code and not part of the Go standard library
• githash - compute git hashes with alternative hash functions

The tools in cmd/ can be installed with go

go install github.com/supply-chain-tools/go-sandbox/cmd/githash@latest

Further information in the README for each tool.