Showcasing some example workflows to apply SLSA principles

The best way to write secure and reliable applications. Write nothing; deploy nowhere.

Development Containers: Use a container as a full-featured development environment.

Vagrant Box Packaging for Fedora

The SPDX specification in MarkDown and HTML formats.

Examples of SPDX files for software combinations

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

A vulnerability scanner for container images and filesystems

Open Policy Agent (OPA) is an open source, general-purpose policy engine.

Supply-chain Levels for Software Artifacts

GUAC aggregates software security metadata into a high fidelity graph database.

The home of the CUE language! Validate and define text-based and dynamic configuration

Official Flyway Docker images

Virtual machine templates for Fedora Silverblue

Simple service for testing upstream service communications

GitHub Action to build and push Docker images with Buildx

A library that generates an interactive radar, inspired by https://thoughtworks.com/radar/.

Provides the Sleet.Azure package for easily pushing packages to Azure storage-backed feeds

A static nuget feed generator for Azure Storage, AWS S3, and more.

FastAPI CRUD

🔥 HAPI FHIR - Java API for HL7 FHIR Clients and Servers

Ansible role for deploying Active Directory domain controllers

Packer templates to create Windows vagrant box images

A Terraform module for creating bastion host on AWS EC2 and populate its ~/.ssh/authorized_keys with public keys from bucket

🔒Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support

Some simple demos for Consul Connect