Language-agnostic SLSA provenance generation for Github Actions
-
Updated
Jul 3, 2024 - Go
Language-agnostic SLSA provenance generation for Github Actions
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Github Action implementation of SLSA Provenance Generation
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
Developer-centric tool to secure your software supply chain.
Stream, Mutate and Sign Images with AWS Lambda and ECR
SLSA level 3 action
A demonstration of showing how to use 💃SLSA 3 Generic Generator with GoReleaser to release artifacts while generating signed SLSA provenance
Sample Go application project with supply chain security workflows conforms to the SLSA Build Level 3 specification
A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance
A proof-of-concept SLSA provenance generator for Buildkite.
Ensignia Provenance Upload Action
Add a description, image, and links to the slsa topic page so that developers can more easily learn about it.
To associate your repository with the slsa topic, visit your repo's landing page and select "manage topics."