Stars
Backend of the Tenzu project management software
Open source DocuSign alternative. Create, fill, and sign digital documents ✍️
Combine the power of nix-eval-jobs with nix-output-monitor to speed up your evaluation and building process.
Trustix: Distributed trust and reproducibility tracking for binary caches [maintainer=@adisbladis]
OCI registry client - managing content like artifacts, images, packages
Daily updated vulnerability scans for selected Ghaf flake outputs
A suite of utilities to help with software supply chain challenges on nix targets
A minimal specification for purl, a.k.a. a package "mostly universal" URL; join the discussion at https://gitter.im/package-url/Lobby
A vulnerability scanner for container images and filesystems
Signature Transparency Log designed for ease of use, low cost, and minimal maintenance
Supply-chain Levels for Software Artifacts
Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
Code signing and transparency for containers and binaries
in-toto is a framework to protect supply chain integrity.
Machine-readable specification for the attestation of security-relevant data.
Gives criticality score for an open source project
The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously improve the S2C2F guide which outlines and defines how to s…
Umbrella Repository Service for TUF
The Controls Canvas is a Terminal User Interface that allows users to craft a new Gemara Layer 2 control catalog from a menu of available options.