in-toto
macOS-Security-and-Privacy-Guide
| | in-toto | macOS-Security-and-Privacy-Guide |
|---|---|---|
| Mentions | 4 | 25 |
| Stars | 827 | 20,889 |
| Growth | 0.8% | - |
| Activity | 8.9 | 9.6 |
| Latest commit | 9 days ago | about 1 month ago |
| Language | Python | Python |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
in-toto
- UEFI Software Bill of Materials Proposal
  The things you mentioned are not solved by a typical "SBOM" but e.g. CycloneDX has extra fields to record provenance and pedigree and things like in-toto (https://in-toto.io/) or SLSA (https://slsa.dev/) also aim to work in this field.
  I've spent the last six months in this field and people will tell you that this or that is an industry best practice or "a standard" but in my experience none of that is true. Everyone is still trying to figure out how best to protect the software supply chain security and things are still very much in flux.
- An Overview of Kubernetes Security Projects at KubeCon Europe 2023
  in-toto is an open source project that focuses on the attestation part of software supply chain security. You use it to define a “layout” for a project, i.e., how the different components should fit together. A project ships this definition with its code, and then another user of that software can compare what they have with the attached definition to see if it matches the structure and contents they expect. If it doesn’t, then this could point to external tampering or other issues.
- How do you mitigate supply chain attacks?
  But it's not all doom and gloom because the industry is evolving. Companies like Google are formulating tools like scorecard to heuristically reduce risk by encouraging you to rely on trustable dependencies only. There's also more complex tools like in-toto that actually look at the integrity of your supply chain (don't ask me how this one works, I just know that people like it).
- in-toto/in-toto: in-toto is a framework to protect supply chain integrity.
macOS-Security-and-Privacy-Guide
- Hardening macOS
- I’m struggling to add my credit card info to deviantart
- How to indicate that a laptop is locked and thus useless for thieves
  Hi friends, I followed this guide: https://github.com/drduh/macOS-Security-and-Privacy-Guide and some additional steps to protect my macbook from being accessed by unauthorized people. The key steps I did were a full disk encryption and a custom firmware password. This makes it extremely difficult to repurpose my macbook after, for example, a theft. The reason I want this is that I often study in university or sometimes work in public places, but I also work as a software developer with sensitive consumer data.
- Orion Browser
  https://github.com/drduh/macOS-Security-and-Privacy-Guide/is...
- my first Mac! any tips or suggestions?
  Turn on FileVault, turn on the firewall (built in). Install LuLu firewall, follow this guide and harden the system: https://github.com/drduh/macOS-Security-and-Privacy-Guide
- macOS-Security-and-Privacy-Guide: Guide to securing and improving privacy on macOS
- Privacy Guide for MacOS Ventura?
  I'm looking for a guide to harden MacOS Ventura, preferably including Little Snitch/LuLu blocklist suggestions for MacOS services. I'm aware of drduh's guide (which currently doesn't seem to be updated for Ventura though), and it doesn't include a Little Snitch/LuLu blocklist.
- “Confirm that you’re not a robot” malware
- Ask HN: What do you do for online privacy?
  macos, following https://github.com/drduh/macOS-Security-and-Privacy-Guide for hardening (I haven't compared this to other hardening guides, but doing something is better than nothing)
- Tips and Guide to MacOS
  I remember seeing this. I have never followed it so I don't know what it's worth, but it seems quite comprehensive.
What are some alternatives?
- snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
- macOS-enterprise-privileges - For Mac users in an Enterprise environment, this app gives the User control over administration of their machine by elevating their level of access to Administrator privileges on macOS. Users can set the time frame using Preferences to perform specific tasks such as install or remove an application.
- scorecard - OpenSSF Scorecard - Security health metrics for Open Source
- apple-telemetry - Domain blocklists, IP blocklists, Little Snitch .lsrules, and cloaking files for blocking Apple telemetry
- ochrona-cli - A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
- PopClip-Extensions - Source code extensions in the official PopClip Extensions directory.
- pip-audit - Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
- macos_security - macOS Security Compliance Project
- i-probably-didnt-backdoor-this - A practical experiment on supply-chain security using reproducible builds
- MailTrackerBlocker - Email tracker, read receipt and spy pixel blocker plugin for macOS Mail (10.11-13.x)
- algo - Set up a personal VPN in the cloud
- BLEUnlock - Lock/unlock your Mac with your iPhone, Apple Watch, or any other Bluetooth LE devices