encapsule
By matrixApi
wg-securing-software-https | encapsule | |
---|---|---|
1 | 1 | |
- | 0 | |
- | - | |
- | 6.3 | |
- | 8 months ago | |
Python | ||
- | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-securing-software-https
Posts with mentions or reviews of wg-securing-software-https.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-05.
- Python 3.12.0 from a supply chain security perspective
Great question! PyPI already supports Trusted Publishers [1], which gets you most of the benefits of SLSA build provenance (provable link between artifacts and a public software repository). Implementing Trusted Publishers is the recommended first step for ecosystems looking to implement build provenance [2].
[1] https://docs.pypi.org/trusted-publishers/
[2] https://github.com/ossf/wg-securing-software-https://docs.py...
I don't think there's a big effort /right now/ to implement complete SLSA build provenance for PyPI and expose it for users to verify.
encapsule
Posts with mentions or reviews of encapsule.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-10-05.
What are some alternatives?
When comparing wg-securing-software-https and encapsule you can also consider the following projects:
guac - GUAC aggregates software security metadata into a high fidelity graph database.
slsa-verifier - Verify provenance from SLSA compliant builders
setuptools - Official project repository for the Setuptools build system