Comparing crates.io contents with the corresponding Git repositories to check for supply chain attacks.
Updated Apr 18, 2024 - Rust
A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.
cargo-crev to cargo-vet code review exporter
Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
Automatically assess and score software repositories for supply chain risk.
Dependency lockfiles for reproducible build environments 📦🔒
Experimental binary transparency for pacman with sigstore and rekor
Signing-key abuse and update exploitation framework
Independent verification of binary packages - reproducible builds
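The first entry in the list above (comparing what was published to crates.io with the project's Git repository) is the kind of check a practitioner can script directly. The following is an added example, not the code of that project or of any repository listed here: it unpacks a constructed `.crate`-style tarball (a gzipped tar rooted at `name-version/`), hashes every regular file, and reports paths that exist only in the tarball or whose contents differ from a constructed in-memory Git checkout. The crate name `demo`, the root directory `demo-0.1.0`, and all file contents are made up for the demo. The example relies on two things `cargo publish` actually does: it adds `Cargo.toml.orig` and `.cargo_vcs_info.json`, and it rewrites `Cargo.toml` into a normalized form, so those files are handled specially rather than flagged.

```python
"""Compare the files inside a crates.io .crate tarball with a git checkout
of the same tag and flag anything the tarball contains that git does not.
Added example with constructed inputs; not the code of any listed project."""
import hashlib
import io
import tarfile
from typing import Dict, List


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def crate_tree(crate_bytes: bytes) -> Dict[str, str]:
    """Map each regular file in a .crate (gzipped tar rooted at name-version/)
    to the sha256 of its contents, keyed by path relative to that root."""
    tree: Dict[str, str] = {}
    with tarfile.open(fileobj=io.BytesIO(crate_bytes), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            _root, _, rel = member.name.partition("/")
            # Defensive: ignore entries that escape the name-version/ root.
            if not rel or rel.startswith("/") or ".." in rel.split("/"):
                continue
            if rel in (".cargo_vcs_info.json", "Cargo.toml"):
                continue  # generated/rewritten by `cargo publish`, never in git
            if rel == "Cargo.toml.orig":
                rel = "Cargo.toml"  # the author's manifest, which is what git has
            tree[rel] = sha256(tf.extractfile(member).read())
    return tree


def git_tree(files: Dict[str, bytes]) -> Dict[str, str]:
    """Same shape for a git checkout. Here the checkout is an in-memory dict
    (constructed sample) instead of a walk over `git ls-files`."""
    return {path: sha256(data) for path, data in files.items()}


def compare(crate: Dict[str, str], git: Dict[str, str]) -> Dict[str, List[str]]:
    """Files only in the tarball, or with different contents, are the signal:
    a publish from a modified working tree or a compromised maintainer
    machine shows up here. Files only in git are usually benign (cargo's
    include/exclude rules drop tests, CI config, etc.), so they are listed
    under "removed" for review rather than treated as suspicious."""
    report: Dict[str, List[str]] = {"added": [], "modified": [], "removed": []}
    for path in sorted(crate):
        if path not in git:
            report["added"].append(path)
        elif crate[path] != git[path]:
            report["modified"].append(path)
    report["removed"] = sorted(p for p in git if p not in crate)
    return report


def suspicious(report: Dict[str, List[str]]) -> bool:
    return bool(report["added"] or report["modified"])


def build_crate(root: str, files: Dict[str, bytes]) -> bytes:
    """Constructed sample: pack files into a .crate-shaped gzipped tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, data in files.items():
            info = tarfile.TarInfo(name=f"{root}/{path}")
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


MANIFEST = b'[package]\nname = "demo"\nversion = "0.1.0"\n'
GIT_CHECKOUT = {  # constructed: tag v0.1.0 of the hypothetical `demo` crate
    "Cargo.toml": MANIFEST,
    "src/lib.rs": b"pub fn add(a: u32, b: u32) -> u32 { a + b }\n",
    "src/helper.rs": b"pub fn helper() {}\n",
    ".github/workflows/ci.yml": b"on: push\n",
}
PUBLISHED = {  # constructed: what landed on crates.io; build.rs and helper.rs differ
    "Cargo.toml": b"# normalized by cargo publish\n" + MANIFEST,
    "Cargo.toml.orig": MANIFEST,
    ".cargo_vcs_info.json": b'{"git":{"sha1":"0000000000000000000000000000000000000000"}}\n',
    "src/lib.rs": GIT_CHECKOUT["src/lib.rs"],
    "src/helper.rs": b'pub fn helper() { std::process::Command::new("sh").spawn().ok(); }\n',
    "build.rs": b"fn main() { /* injected, absent from git */ }\n",
}


def run_demo() -> Dict[str, List[str]]:
    crate = build_crate("demo-0.1.0", PUBLISHED)
    return compare(crate_tree(crate), git_tree(GIT_CHECKOUT))


if __name__ == "__main__":
    rep = run_demo()
    for kind, paths in rep.items():
        print(f"{kind}: {paths}")
    print("SUSPICIOUS" if suspicious(rep) else "clean")
```

In real use, replace `GIT_CHECKOUT` with a walk over `git ls-files` at the commit recorded in `.cargo_vcs_info.json` (or the tag matching the published version), and download the `.crate` from crates.io. Paths reported as added or modified are what need a human look; a non-empty "removed" list is expected for most crates and only becomes interesting when it hides something like a deleted test that would have caught the change.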