python-tuf
tufup-example
| python-tuf | tufup-example | |
|---|---|---|
| 3 | 1 | |
| 1,586 | 11 | |
| 0.5% | - | |
| 9.3 | 6.8 | |
| 9 days ago | 3 months ago | |
| Python | Python | |
| Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
python-tuf
-
PyUpdater is not maintained anymore... even if we integrate Python-TUF in it?
Using Python-TUF, but it's purpose is not to package app, check new version and apply updates and patches, so a non negligible layer of development is needed to achieve the same work as the first choices.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Confusingly named, it’s not a framework, but a specification that developers can follow when implementing their update systems to help users know they can trust the updates they receive. There’s also a Python reference implementation.
-
PyUpdater is no longer maintained. What now? - Tufup: automated updates for stand-alone Python applications.
Hello world! I want to recommend a wonderful open-source package called Tufup. It's a simple software updater for stand-alone Python applications. This package was created as a replacement for PyUpdater, given the fact that PyUpdater has been archived and is no longer maintained. However, whereas PyUpdater implements a custom security mechanism to ensure authenticity (and integrity) of downloaded update files, Tufup is built on top of the security mechanisms implemented in the python-tuf package, a.k.a. TUF (The Update Framework). By entrusting the design of security measures to security professionals, Tufup can focus on high-level tools.
tufup-example
-
PyUpdater is no longer maintained. What now? - Tufup: automated updates for stand-alone Python applications.
PyUpdater was tightly integrated with PyInstaller, but Tufup is not. You can use Tufup with PyInstaller, as illustrated in the tufup-example, but it is not required. You can also use it with any other packaging method, or you can even distribute a plain python script or just any directory of files.
What are some alternatives?
WARP-UNLIMITED-ADVANCED - Get unlimited amount of data in Cloudflare's WARP VPN🔥
PyUpdater - Pyinstaller auto-update library
tufup - Automated updates for stand-alone Python applications.
kubeclarity - KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Kyverno - Kubernetes Native Policy Management
in-toto - in-toto is a framework to protect supply chain integrity.
vmclarity - VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems