example
-
Git Branches: Intuition and Reality
The branch_ref.name prints "refs/remotes/origin/test" but git status says "HEAD detached at origin/test"
So I'm probably feeding the wrong thing into repo.checkout, but I'm honestly not sure what else it should be.
Funnily enough, git itself tries to do the right thing if pulled in a detached head state:
From https://github.com/testorg/example
gittuf
-
Git Branches: Intuition and Reality
It actually does but it's very much in alpha/active development (under the umbrella of OpenSSF with the intent of being integrated into mainline git eventually).
https://github.com/gittuf/gittuf
-
Gittuf – a security layer for Git using some concepts introduced by TUF
Hey Will, thanks!
The paper is from quite a few years ago now and the reference is for a subset of gittuf's threat model, specifically the metadata manipulation / reference state attacks. The paper talks about MITM as one way to carry out a ref state attack, but if you're communicating with a compromised repository, you can be a victim of such an attack even if you're using authenticated transport and using signed commits / tags that you have a way of verifying.
We do have a threat model for gittuf that we've been meaning to add [0] to the design doc. I'll try and get that done today. It should probably be in there before we tag our alpha release. :)
[0] https://github.com/gittuf/gittuf/issues/95
What are some alternatives?
build-extra - Additional files and scripts to help build Git for Windows on MSYS2.
gitsign - Keyless Git signing using Sigstore
Git - Git Source Code Mirror - This is a publish-only repository but pull requests can be turned into patches to the mailing list via GitGitGadget (https://gitgitgadget.github.io/). Please follow Documentation/SubmittingPatches procedure for any of your improvements.
attestation - in-toto Attestation Framework
GitExtensions - Git Extensions is a standalone UI tool for managing git repositories. It also integrates with Windows Explorer and Microsoft Visual Studio (2015/2017/2019).
git-secret - A bash-tool to store your private data inside a git repository.
go-tuf - Go implementation of The Update Framework (TUF)
slsa - Supply-chain Levels for Software Artifacts
trdl - The universal solution for delivering your software updates securely from a trusted The Update Framework (TUF) repository.
wasm-to-oci - Use OCI registries to distribute Wasm modules