Go software-supply-chain-security

Open-source Go projects categorized as software-supply-chain-security
Edit details
Topics: Security Golang Oauth2 openid-connect Go
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured

Top 3 Go software-supply-chain-security Projects

  • chain-bench

    An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.

  • openpubkey

    Reference implementation of OpenPubkey

    • Project mention: OpenPubkey: Protocol for leveraging OpenID to bind identities to public keys | news.ycombinator.com | 2024-04-21

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • attestation

    in-toto Attestation Framework

    • Project mention: Gittuf – a security layer for Git using some concepts introduced by TUF | news.ycombinator.com | 2023-10-24

    It's multi-pronged and I imagine adopters may use a subset of features. Broadly, I think folks are going to be interested in a) branch/tag/reference protection rules, b) file protection rules (monorepo or otherwise, though monorepos do pose a very apt usecase for gittuf), and c) general key management for those who primarily care about Git signing.

    For those who care about a and b, I think the work we want to do to support [in-toto attestations](https://github.com/in-toto/attestation) for [SLSA's upcoming source track](https://github.com/slsa-framework/slsa/issues/956) could be very interesting as well.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Go software-supply-chain-security related posts

  • OpenPubkey: Protocol for leveraging OpenID to bind identities to public keys

    1 project | news.ycombinator.com | 21 Apr 2024

  • Gittuf – a security layer for Git using some concepts introduced by TUF

    5 projects | news.ycombinator.com | 24 Oct 2023

  • CIS Software Supply Chain Security Guide

    1 project | /r/CKsTechNews | 19 Jul 2022

  • CIS Software Supply Chain Security Guide [pdf]

    1 project | news.ycombinator.com | 18 Jul 2022

Index

What are some of the best open-source software-supply-chain-security projects in Go? This list will help you:

Project Stars
1 chain-bench 700
2 openpubkey 563
3 attestation 190

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com