An Awesome List of books, videos, and other resources for learning about the history of software engineering

live sync audio streaming for local networks

Collating an overview of the open source software supply chain landscape -- and synthesizing that survey in a hopefully-useful way.

A web app to visualize your TUF repositories

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

A monospaced programming font inspired by the Minecraft typeface

Riff automatically provides external dependencies for Rust projects, with support for other languages coming soon.

Darkfiles finds orphaned files in container images and makes them to bad deeds

stage1 bootstrap for wolfi

The model for the information captured in SPDX version 3 standard.

TUF repository for Sigstore trust root

Code-signing for npm packages

📚 A curated list of papers for Software Engineers

Export your OneNote note collection to Obsidian, Logseq, Org Mode or any other plain text note-taking app!

A dataset of software supply chain compromises. Please help us maintain it!

A compilation of resources in the software supply chain security domain, with emphasis on open source

Automated updates for stand-alone Python applications.

The reliability of disk images, the flexibility of files

Mega list of 1 on 1 meeting questions compiled from a variety to sources

A reading list for software supply-chain security.

A tool for securing CI/CD workflows with version pinning.

Hackage security framework based on TUF (The Update Framework)

A Sigstore client written in Python

High-performance extensible build system for reproducible multi-language builds.

Microsoft Build Accelerator

build APKs from source code

Hadrian: a new build system for the Glasgow Haskell Compiler

Comparison of build program expressive power

Forward build system with speculation and caching