slsa-github-generator
appvm
| | slsa-github-generator | appvm |
|---|---|---|
| Mentions | 3 | 2 |
| Stars | 378 | 238 |
| Growth | 5.3% | - |
| Activity | 9.0 | 0.0 |
| Last commit | 6 days ago | almost 2 years ago |
| Language | Go | Go |
| License | Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
slsa-github-generator
- SLSA up to v1.9.0 (latest) breaking GHA pipelines
- UEFI Software Bill of Materials Proposal
https://github.com/slsa-framework/slsa-github-generator#gene... :
> Supply chain Levels for Software Artifacts, or SLSA (salsa), is a security framework, a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises.
> SLSA defines an incrementally-adoptable set of levels which are defined in terms of increasing compliance and assurance. SLSA levels are like a common language to talk about how secure software, supply chains and their component parts really are.
- slsa-github-generator: Language-agnostic SLSA provenance generation for Github Actions
appvm
- Combining NixOS with Qubes/Tails
Have you considered this https://github.com/jollheef/appvm?
- If a linux/unix was rewritten today, what would be different?
Isolation through virtual machines. Qubes OS is the prime example, also I like appvm a lot.
What are some alternatives?
Open-Source-Security-Guide - Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
redox - Mirror of https://gitlab.redox-os.org/redox-os/redox
slsa-provenance-action - Github Action implementation of SLSA Provenance Generation
wondershaper - Command-line utility for limiting an adapter's bandwidth
trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
miniguest - [UNMAINTAINED] lightweight NixOS images
vuls - Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak and similar projects
gitleaks - Protect and discover secrets using Gitleaks 🔑
libconfini - Yet another INI parser
GptHidra - GptHidra is a Ghidra plugin that uses the OpenAI Chat GPT to explain functions. With GptHidra, you can easily understand the purpose and behavior of functions in your codebase. Now with GPT4 Support!
cli-guidelines - A guide to help you write better command-line programs, taking traditional UNIX principles and updating them for the modern day.