hagrid-container
Hagrid as in, "keeper of keys". Verifying OpenPGP keyserver, written in Rust. OCI image (by chimbosonic)
package-analysis
Open Source Package Analysis (by ossf)
hagrid-container | package-analysis | |
---|---|---|
1 | 2 | |
6 | 706 | |
- | 1.0% | |
2.4 | 9.2 | |
7 days ago | 5 days ago | |
Shell | Go | |
MIT License | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hagrid-container
Posts with mentions or reviews of hagrid-container.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-03.
-
Sigstore
Sigstore and cosign are so simple to use. I setup all the containers I maintain to be signed (This is done within the Github Action).
https://github.com/chimbosonic/hagrid-container
package-analysis
Posts with mentions or reviews of package-analysis.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-03.
-
Is my email safe with services like anonaddy?
You can try out this thing called Package Analysis by OSSF. It's obviously not a catch-all by any means, but it can help identify hidden malicious software in open source packages.
-
Sigstore
I agree. There are projects such as https://github.com/ossf/package-analysis and https://github.com/step-security/harden-runner that do behavior analysis. Disclaimer: I’m maintainer of the second one.
What are some alternatives?
When comparing hagrid-container and package-analysis you can also consider the following projects:
harden-runner - Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
rfcs - RubyGems + Bundler RFCs
sigstore-website - Codebase for sigstore.dev