gittuf | build-extra
---|---
2 | 3
397 | 617
6.0% | 1.0%
9.6 | 9.0
about 6 hours ago | 4 days ago
Go | Inno Setup
Apache License 2.0 | GNU General Public License v3.0 or later
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gittuf
- Git Branches: Intuition and Reality
It actually does but it's very much in alpha/active development (under the umbrella of OpenSSF with the intent of being integrated into mainline git eventually).
https://github.com/gittuf/gittuf
- Gittuf – a security layer for Git using some concepts introduced by TUF
Hey Will, thanks!
The paper is from quite a few years ago now and the reference is for a subset of gittuf's threat model, specifically the metadata manipulation / reference state attacks. The paper talks about MITM as one way to carry out a ref state attack, but if you're communicating with a compromised repository, you can be a victim of such an attack even if you're using authenticated transport and using signed commits / tags that you have a way of verifying.
We do have a threat model for gittuf that we've been meaning to add [0] to the design doc. I'll try and get that done today. It should probably be in there before we tag our alpha release. :)
[0] https://github.com/gittuf/gittuf/issues/95
build-extra
- Git Branches: Intuition and Reality
- it's really sad that fish shell doesn't run on windows
Git for Windows SDK and run pacman
- unable to open vscode from git. Getting 'Permission Denied' error (Details in comments)
-Git For Windows SDK
What are some alternatives?
gitsign - Keyless Git signing using Sigstore
msys2-installer - The one-click installer for MSYS2
attestation - in-toto Attestation Framework
example
git-secret - A bash-tool to store your private data inside a git repository.
GitExtensions - Git Extensions is a standalone UI tool for managing git repositories. It also integrates with Windows Explorer and Microsoft Visual Studio (2015/2017/2019).
go-tuf - Go implementation of The Update Framework (TUF)
slsa - Supply-chain Levels for Software Artifacts
trdl - The universal solution for delivering your software updates securely from a trusted The Update Framework (TUF) repository.
wasm-to-oci - Use OCI registries to distribute Wasm modules