gittuf | trdl | |
---|---|---|
2 | 1 | |
397 | 235 | |
21.2% | 0.9% | |
9.6 | 3.5 | |
7 days ago | 4 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 | |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gittuf
- Git Branches: Intuition and Reality
It actually does but it's very much in alpha/active development (under the umbrella of OpenSSF with the intent of being integrated into mainline git eventually).
https://github.com/gittuf/gittuf
- Gittuf – a security layer for Git using some concepts introduced by TUF
Hey Will, thanks!
The paper is from quite a few years ago now and the reference is for a subset of gittuf's threat model, specifically the metadata manipulation / reference state attacks. The paper talks about MITM as one way to carry out a ref state attack, but if you're communicating with a compromised repository, you can be a victim of such an attack even if you're using authenticated transport and using signed commits / tags that you have a way of verifying.
We do have a threat model for gittuf that we've been meaning to add [0] to the design doc. I'll try and get that done today. It should probably be in there before we tag our alpha release. :)
[0] https://github.com/gittuf/gittuf/issues/95
trdl
What are some alternatives?
gitsign - Keyless Git signing using Sigstore
attestation - in-toto Attestation Framework
build-extra - Additional files and scripts to help build Git for Windows on MSYS2.
git-secret - A bash-tool to store your private data inside a git repository.
go-tuf - Go implementation of The Update Framework (TUF)
example
slsa - Supply-chain Levels for Software Artifacts
wasm-to-oci - Use OCI registries to distribute Wasm modules