Software Supply Chain Transparency Log
-
Updated
Jun 27, 2024 - Go
Software Supply Chain Transparency Log
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Github Action implementation of SLSA Provenance Generation
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
Cryptographic, immutable, append only software release ledger.
SLSA level 3 action
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
Attested indelible development provenance for the Conreality project.
A proof-of-concept SLSA provenance generator for Buildkite.
Rudimentary reification for Wikidata
Add a description, image, and links to the provenance topic page so that developers can more easily learn about it.
To associate your repository with the provenance topic, visit your repo's landing page and select "manage topics."