Top 3 Go software-supply-chain-security Projects
- chain-bench: An open-source tool for auditing your software supply chain stack for security compliance, based on the new CIS Software Supply Chain benchmark.
Project mention: OpenPubkey: Protocol for leveraging OpenID to bind identities to public keys | news.ycombinator.com | 2024-04-21
Project mention: Gittuf – a security layer for Git using some concepts introduced by TUF | news.ycombinator.com | 2023-10-24

It's multi-pronged and I imagine adopters may use a subset of features. Broadly, I think folks are going to be interested in a) branch/tag/reference protection rules, b) file protection rules (monorepo or otherwise, though monorepos do pose a very apt use case for gittuf), and c) general key management for those who primarily care about Git signing.
For those who care about a and b, I think the work we want to do to support [in-toto attestations](https://github.com/in-toto/attestation) for [SLSA's upcoming source track](https://github.com/slsa-framework/slsa/issues/956) could be very interesting as well.
Index
What are some of the best open-source software-supply-chain-security projects in Go? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | chain-bench | 700 |
| 2 | openpubkey | 563 |
| 3 | attestation | 190 |