in-toto | algo
---|---
4 | 155
827 | 28,315
0.8% | 0.3%
8.9 | 6.5
9 days ago | 29 days ago
Python | Jinja
GNU General Public License v3.0 or later | GNU Affero General Public License v3.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
in-toto
- UEFI Software Bill of Materials Proposal
The things you mentioned are not solved by a typical "SBOM" but e.g. CycloneDX has extra fields to record provenance and pedigree and things like in-toto (https://in-toto.io/) or SLSA (https://slsa.dev/) also aim to work in this field.
I've spent the last six months in this field and people will tell you that this or that is an industry best practice or "a standard" but in my experience none of that is true. Everyone is still trying to figure out how best to protect the software supply chain security and things are still very much in flux.
- An Overview of Kubernetes Security Projects at KubeCon Europe 2023
in-toto is an open source project that focuses on the attestation part of software supply chain security. You use it to define a “layout” for a project, i.e., how the different components should fit together. A project ships this definition with its code, and then another user of that software can compare what they have with the attached definition to see if it matches the structure and contents they expect. If it doesn’t, then this could point to external tampering or other issues.
- How do you mitigate supply chain attacks?
But it's not all doom and gloom because the industry is evolving. Companies like Google are formulating tools like scorecard to heuristically reduce risk by encouraging you to rely on trustable dependencies only. There's also more complex tools like in-toto that actually look at the integrity of your supply chain (don't ask me how this one works, I just know that people like it).
- in-toto/in-toto: in-toto is a framework to protect supply chain integrity.
algo
- Show HN: WireHole New UI Makes Managing WireGuard Clients Easy
- Wireguard with Algo VPN on VPS with tunnel-all traffic
Since we're already presuming you have a functional PFSense box with Wireguard installed and a VPS stood up, now you need to get Algo installed on the VPS. I'm not going to write this part out in detail, but basically you need to follow the procedures here to get Algo installed. However, *before* running ./algo you probably want to edit some of the config.cfg settings. I disabled IPSec (which saves a bunch of package installs and prevents a bunch of failures I saw on some of my VPSs), set my reduce_mtu setting to 80 just to prevent any MTU issues down the line, turned off DNS encryption, and renamed my users to the servers in question (for example: pfsense, vps_server, etc)
- Best Platform to run Stable Diffusion REMOTELY: Answers Needed
Check out the command line args for Auto1111, it talks about a gradio setup that can be accessed remotely. There's a time limit on gradio links though, I think. You could also set up a vpn that will allow you to access your PC remotely, then run A1111 with the --listen command and access it that way. I've done this with an Algo VPN on Azure and a Wireguard client for Windows for Android, but any VPN that lets you access your PC remotely would work.
- School does not allow VPN
One way you could try to get around is building your own VPN service, like this: https://github.com/trailofbits/algo/blob/master/README.md
- Internet Kill switch not working
Things I have tried so far: Clear network cache and reset adapters - IDK, it fixed a previous problem I had https://github.com/trailofbits/algo/discussions/14504
- Any servers working in Russia left?
- Ubuntu Port Forwarding on Oracle. Is it just broken??? HELP!
(I can simply install Algo and get the Wireguard tunnel working, easy peasy... But from there, I can never get Plex port 32400 open... so I'm just trying from scratch now...)
- Wireguard docker container - route traffic to host
Maybe try running algo vpn (following the road-warrior setup) in a VM instead? It has very light requirements. https://github.com/trailofbits/algo/blob/master/docs/deploy-to-ubuntu.md
- Quick VPN Setup with AWS Lightsail and WireGuard
- A complaint campaign to CİMER has been launched to get OnlyFans banned in Turkey.
What are some alternatives?
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
streisand - Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
scorecard - OpenSSF Scorecard - Security health metrics for Open Source
tailscale - The easiest, most secure way to use WireGuard and 2FA.
ochrona-cli - A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
outline-apps - Outline Client and Manager, developed by Jigsaw. Outline Manager makes it easy to create your own VPN server. Outline Client lets you share access to your VPN with anyone in your network, giving them access to the free and open internet.
pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
Visual Studio Code - Visual Studio Code
macOS-Security-and-Privacy-Guide - Guide to securing and improving privacy on macOS
pivpn - The Simplest VPN installer, designed for Raspberry Pi
i-probably-didnt-backdoor-this - A practical experiment on supply-chain security using reproducible builds
openvpn-install - OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora