Independent verification of binary packages - reproducible builds
-
Updated
Sep 20, 2024 - Rust
#
supply-chain-security
Here are 14 public repositories matching this topic...
Signing-key abuse and update exploitation framework
-
Updated
Sep 3, 2024 - Rust
Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)
-
Updated
Jul 23, 2024 - Rust
Automatically assess and score software repositories for supply chain risk.
-
Updated
Nov 1, 2024 - Rust
Dependency lockfiles for reproducible build environments 📦🔒
-
Updated
Oct 19, 2024 - Rust
Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
-
Updated
Jul 22, 2024 - Rust
Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
-
Updated
May 28, 2022 - Rust
Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
-
Updated
Jul 3, 2024 - Rust
nix2sbom extracts the CycloneDX and SPDX SBOM (Software Bill of Materials) from a Nix derivation
security
nix
nixos
supply-chain
spdx
software-bill-of-materials
purl
sbom
github-actions
cyclonedx
supply-chain-security
sbom-generator
-
Updated
Oct 13, 2024 - Rust
Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data
-
Updated
Jan 31, 2022 - Rust
cargo-crev to cargo-vet code review exporter
-
Updated
Oct 29, 2024 - Rust
A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.
-
Updated
Oct 31, 2024 - Rust
Comparing crates.io contents with the corresponding Git repositories to check for supply chain attacks.
-
Updated
Apr 18, 2024 - Rust
Improve this page
Add a description, image, and links to the supply-chain-security topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the supply-chain-security topic, visit your repo's landing page and select "manage topics."