#Slsa
Showing 7 of 7 repositories tagged #slsa, ranked by stars
GUAC aggregates software security metadata into a high fidelity graph database.
Language-agnostic SLSA provenance generation for Github Actions
SDLC evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detect malicious Python packages, or check conformance to frameworks, such as SLSA. Documentation:
Trusted builds made easy! A cloud-native software factory for building, testing, and releasing trusted software artifacts
Official Docker-maintained reusable GitHub Actions workflows to securely build container images
Cross-platform dotfiles (macOS/Linux/WSL) managed by chezmoi — bash·zsh·fish·nushell parity, a fast dot CLI, wallpaper-driven themes, encrypted secrets, SLSA-signed releases, and AI/MCP-aware tooling.