build-extra
gittuf
build-extra | gittuf | |
---|---|---|
3 | 2 | |
617 | 329 | |
1.0% | 4.9% | |
9.0 | 9.6 | |
8 days ago | 6 days ago | |
Inno Setup | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
build-extra
- Git Branches: Intuition and Reality
-
it's really sad that fish shell doesn't run on windows
Git for Windows SDK and run pacman
-
unable to open vscode from git. Getting 'Permission Denied' error (Details in comments)
-Git For Windows SDK
gittuf
-
Git Branches: Intuition and Reality
It actually does but it's very much in alpha/active development (under the umbrella of OpenSSF with the intent of being integrated into mainline git eventually).
https://github.com/gittuf/gittuf
-
Gittuf – a security layer for Git using some concepts introduced by TUF
Hey Will, thanks!
The paper is from quite a few years ago now and the reference is for a subset of gittuf's threat model, specifically the metadata manipulation / reference state attacks. The paper talks about MITM as one way to carry out a ref state attack, but if you're communicating with a compromised repository, you can be a victim of such an attack even if you're using authenticated transport and using signed commits / tags that you have a way of verifying.
We do have a threat model for gittuf that we've been meaning to add [0] to the design doc. I'll try and get that done today. It should probably be in there before we tag our alpha release. :)
[0] https://github.com/gittuf/gittuf/issues/95
What are some alternatives?
msys2-installer - The one-click installer for MSYS2
gitsign - Keyless Git signing using Sigstore
example
attestation - in-toto Attestation Framework
GitExtensions - Git Extensions is a standalone UI tool for managing git repositories. It also integrates with Windows Explorer and Microsoft Visual Studio (2015/2017/2019).
git-secret - :busts_in_silhouette: A bash-tool to store your private data inside a git repository.
go-tuf - Go implementation of The Update Framework (TUF)
slsa - Supply-chain Levels for Software Artifacts
trdl - The universal solution for delivering your software updates securely from a trusted The Update Framework (TUF) repository.
wasm-to-oci - Use OCI registries to distribute Wasm modules