Language-agnostic SLSA provenance generation for Github Actions
-
Updated
Dec 17, 2024 - Go
Language-agnostic SLSA provenance generation for Github Actions
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
An opinionated Python package/application template repository, with SLSA and SBOM support built in, enabled for security scanners, code linters, typing, testing and code coverage monitoring, and release automation for reproducible builds.
A demonstration of how GoReleaser can help us to make software supply chain more secure by using bunch of tools such as cosign, syft, grype, slsa-provenance
Add a description, image, and links to the slsaprovenance topic page so that developers can more easily learn about it.
To associate your repository with the slsaprovenance topic, visit your repo's landing page and select "manage topics."