Proof of Human Intent (PoHI) - Cryptographically verifiable human approval for AI-driven development
Prototype Open Source Software Nutrition Labels
Dev tool to aggregate and focus on the changelog relevant to your codebase
CLI Vulnify - Faz o scan em seus projetos buscando por vulnerabilidades.
CLI to scan project dependencies and produce a single HTML report
A web-based UI for interacting with the Red Hat Trusted Artifact Signer (TAS) ecosystem. It provides user-friendly workflows for retrieving, verifying, and monitoring signed software artifacts, integrating with Sigstore services like Rekor, Fulcio, and TUF.
🔒 Fail CI if dependencies in your lockfile lose npm provenance or trusted publisher status, enhancing the security of your projects.
Add a description, image, and links to the software-supply-chain topic page so that developers can more easily learn about it.
To associate your repository with the software-supply-chain topic, visit your repo's landing page and select "manage topics."