A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.
Updated Jun 19, 2024 - Rust
Signing-key abuse and update exploitation framework
Automatically assess and score software repositories for supply chain risk.
Comparing crates.io contents with the corresponding Git repositories to check for supply chain attacks.
Authenticate the cryptographic chain-of-custody of Linux distributions (like Arch Linux and Debian) to their source code inputs
Experimental binary transparency for pacman with sigstore and rekor
cargo-crev to cargo-vet code review exporter
Dependency lockfiles for reproducible build environments 📦🔒
Independent verification of binary packages - reproducible builds
Manage lockfiles in PKGBUILDs for upstreams that don't ship them, `updpkgsums` for dependency trees (Arch Linux tooling)
Authenticate a tarball through a signed tag in a git repository (with reproducible builds)
Reproducible Builds: Scraper/Parser for https://buildinfos.debian.net into structured data