SaaSHub helps you find the best software and product alternatives Learn more →
In-toto Alternatives
Similar projects and alternatives to in-toto
-
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
-
kubescape
Kubescape is an open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters. It includes risk analysis, security, compliance, and misconfiguration scanning, saving Kubernetes users and administrators precious time, effort, and resources.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
-
-
-
dependency-track
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
-
-
snyk
Discontinued Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
-
certificate-transparency-go
Auditing for TLS certificates (Go code)
-
ochrona-cli
A command line tool for detecting vulnerabilities in Python dependencies and doing safe package installs
-
pip-audit
Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them
-
vmclarity
VMClarity is a tool for agentless detection and management of Virtual Machine Software Bill Of Materials (SBOM) and vulnerabilities
-
-
macOS-Security-and-Privacy-Guide
Guide to securing and improving privacy on macOS
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
NOTE:
The number of mentions on this list indicates mentions on common posts plus user suggested alternatives.
Hence, a higher number means a better in-toto alternative or higher similarity.
in-toto reviews and mentions
Posts with mentions or reviews of in-toto.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-11-14.
-
UEFI Software Bill of Materials Proposal
The things you mentioned are not solved by a typical "SBOM" but e.g. CycloneDX has extra fields to record provenance and pedigree and things like in-toto (https://in-toto.io/) or SLSA (https://slsa.dev/) also aim to work in this field.
I've spent the last six months in this field and people will tell you that this or that is an industry best practice or "a standard" but in my experience none of that is true. Everyone is still trying to figure out how best to protect the software supply chain security and things are still very much in flux.
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
in-toto is an open source project that focuses on the attestation part of software supply chain security. You use it to define a “layout” for a project, i.e., how the different components should fit together. A project ships this definition with its code, and then another user of that software can compare what they have with the attached definition to see if it matches the structure and contents they expect. If it doesn’t, then this could point to external tampering or other issues.
-
How do you mitigate supply chain attacks?
But it's not all doom and gloom because the industry is evolving. Companies like Google are formulating tools like scorecard to heuristically reduce risk by encouraging you to rely on trustable dependencies only. There's also more complex tools like in-toto that actually look at the integrity of your supply chain (don't ask me how this one works, I just know that people like it).
- in-toto/in-toto: in-toto is a framework to protect supply chain integrity.
-
A note from our sponsor - SaaSHub
www.saashub.com | 18 Apr 2024
Stats
Basic in-toto repo stats
4
824
8.9
8 days ago
in-toto/in-toto is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.
The primary programming language of in-toto is Python.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com