Really Simple Service Registry

Ensignia Provenance Upload Action

A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance

SLSA level 3 action

A proof-of-concept SLSA provenance generator for Buildkite.

Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification

Stream, Mutate and Sign Images with AWS Lambda and ECR

A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance

Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.

Library to create, verify, and evaluate policy for attestations on container images

Define a reproducible Go build.

Google Container Analysis data import utility, supports OSS vulnerability scanner reports, SLSA provenance and sigstore attestations.

Mattermost builder

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance

Developer-centric tool to secure your software supply chain.

Github Action implementation of SLSA Provenance Generation

Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.

Language-agnostic SLSA provenance generation for Github Actions