Top 9 Go supply-chain Projects
- kubeclarity: KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems.
- witness: Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
- fatbom: fatbom (Fat Bill Of Materials) is a tool which combines the SBOMs generated by various tools into one fat SBOM, thus leveraging each tool's strengths.
- chainmetric-network: Hyperledger Fabric network for an IoT-enabled permissioned blockchain, with smart contracts for controlling sensor requirements.
- chainmetric-iot: Embedded IoT sensor system for harvesting environment data and publishing it onto the permissioned blockchain network.
Project mention: Building Secure Docker Images for Production - Best Practices | dev.to | 2023-06-30
In the following steps, we use a local Kubernetes cluster (such as kind) to test the image. With the cluster up and running, let's install some tooling to help us with image scanning. In this case, we're using KubeClarity. Follow the installation instructions in the README to install it into your development cluster.
Project mention: Obtainium – Get Android App Updates Directly from the Source | news.ycombinator.com | 2023-10-10
There could be asset hashes in sigstore: https://sigstore.dev/
Is there a good way to run native mobile app GUI tests with GitHub Actions?
A VM/container emulator like anbox, waydroid, (or all of ChromeOS Flex in KVM) in a GitHub Action is probably enough to run GUI tests?
"Build your own SLSA 3+ provenance builder on GitHub Actions"
We have lots of work to do. https://github.com/in-toto/witness
Full disclosure, I am a member of the steering committee for in-toto and the CEO of TestifySec, which is the main contributor to Witness.
It's worth checking out what stacklok.com are up to.
A startup founded by the creator of sigstore and a co-founder of Kubernetes. They are building a supply chain platform called https://github.com/stacklok/minder
It seems early on and mostly focused on GitHub right now, but I spoke to one of the engineers on the project and they are extending out to other integrations and have sigstore attestation policy available, albeit an early iteration.
Go supply-chain related posts
- Software Supply Chain Security
- Obtainium – Get Android App Updates Directly from the Source
- PGP signatures on PyPI: worse than useless
- SDLC malware identification?
- witness: A pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
- Witness is a pluggable framework for digital attestation
- How are attestation and cybersecurity frameworks used practically outside of regulatory compliance?
Index
What are some of the best open-source supply-chain projects in Go? This list will help you:
# | Project | Stars
---|---|---
1 | kubeclarity | 1,257
2 | rekor | 832
3 | go-tuf | 596
4 | bomber | 453
5 | witness | 358
6 | minder | 191
7 | fatbom | 32
8 | chainmetric-network | 10
9 | chainmetric-iot | 8