Terraform for configuring private networking for GitHub-hosted Action Runners.

Software Supply Chain Security Platform

LangChain for Go, the easiest way to write LLM-based programs in Go

Go implementation of The Update Framework heavily influenced by python-tuf

Go library for Sigstore signing and verification

Home of the clients SIG

Generate SBOMs with gh CLI

Go library for Sigstore signing and verification

JavaScript implementation of The Update Framework (TUF)

OpenSSF Scorecard - Security health metrics for Open Source

Specification of sigstore's architecture in an IETF internet-draft format

Raspberry Pi config for all things Internet.

Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.

Code-signing for npm packages

Log monitor for Rekor to verify immutability and monitor entries

Simple command line tool to generate and verify COSE signatures

OSS-Fuzz - continuous fuzzing for open source software.

Code signing and transparency for containers and binaries

Linux virtual machines, with a focus on running containers

🔮 ✈️ to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures

Wifi MQTT Data Logging via an esp8266 for the Ikea VINDRIKTNING PM2.5 air quality sensor

A minimal distribution of Knative and Tekton, and CLI.

KinK is a helper CLI that facilitates to manage KinD clusters as Kubernetes pods. Designed to ease clusters up for fast testing with batteries included in mind.

A curated list of SBOM (Software Bill Of Materials) related tools, frameworks, blogs, podcasts, and articles

🔐 CDF Special Interest Group on Security -- secure access, policy control, privacy, auditing, explainability and more!

wire protocol for multiplexing connections or streams into a single connection, based on a subset of the SSH Connection Protocol

reactssr is a package for rendering React applications.