Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
Updated Jan 31, 2022 - Rust
Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
Independent verification of binary packages - reproducible builds
Dependency lockfiles for reproducible build environments 📦🔒
cargo-crev to cargo-vet code review exporter
Experimental binary transparency for pacman with sigstore and rekor
Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
Comparing crates.io contents with the corresponding Git repositories to check for supply chain attacks.
Signing-key abuse and update exploitation framework
Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
Automatically assess and score software repositories for supply chain risk.
A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.