OpenClarity is an open source platform built to enhance security and observability of cloud native applications and infrastructure

GUAC aggregates software security metadata into a high fidelity graph database.

Software Supply Chain Transparency Log

Go implementation of The Update Framework (TUF)

Scans Software Bill of Materials (SBOMs) for security vulnerabilities

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Common go library shared across sigstore services and clients

Software Supply Chain Security Platform

boostsecurityio/poutine

Official GitHub Action for OpenSSF Scorecard.

A tool to create, transform and attest VEX metadata

Throw a tag at it and it comes back with a checksum.

Go implementation of Centrifuge POD (Private Off-chain Data) node

CLI client (and Golang module) for deps.dev API. Free access to dependencies, licenses, advisories, and other critical health and security signals for open source package versions.

Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations

KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems

🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)

fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool's strength.

Typosquatting tool that supports OSINT investigations, and designed to operate on multilingual target domains.

Signature Transparency Log designed for ease of use, low cost, and minimal maintenance