Solving Open Source Supply Chain Security for the PHP Ecosystem

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • OpenCart

    A free shopping cart system. OpenCart is an open source PHP-based online e-commerce solution.

  • Symfony

    The Symfony PHP framework

  • pacman-bintrans

    Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)

    Generally speaking, Transparency Logs for securing software distribution have been a research topic since around 2015; I also wrote my master's thesis on the subject.

    Sigstore is a Transparency Log intended for provenance and software artifacts which has support for a few different build artifacts. The container ecosystems also appear to be embracing it.

    A cool practical example is pacman-bintrans from kpcyrd, which throws Arch Linux packages on sigstore and (optionally) checks each package for being reproducible before installation.

    https://github.com/kpcyrd/pacman-bintrans

    https://www.sigstore.dev/

    I think this is generally useful for a lot of ecosystems indeed, and it's cool to also see similarly scoped projects pop up to address these issues.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
