Slsa Alternatives
Similar projects and alternatives to slsa
- Moby: The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
- Ionic Framework: A powerful cross-platform UI toolkit for building native-quality iOS, Android, and Progressive Web Apps with HTML, CSS, and JavaScript.
- decompiler-explorer: Decompiler Explorer! Compare tools on the forefront of static analysis, now in your web browser!
- DependencyCheck: OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
slsa discussion
slsa reviews and mentions
- Nix – Death by a Thousand Cuts
- Are We PEP740 Yet?
https://slsa.dev/ gives much clearer explanations about the why of this work.
- 7 Ways to Use the SLSA Framework to Secure the SDLC
The Software Development Lifecycle Assurance (SLSA) framework is a set of practices to secure software artifacts - like code, binaries, or container images - throughout the SDLC. Initially championed by Google, it was born from the growing need for a standardized approach to protecting the software supply chain.
- Securi-Taco Tuesdays Livestream Recap: Software Supply Chain 101 with Luke Hinds
Secure Build Processes: Utilizing tools like SLSA, a framework for ensuring the integrity of software artifacts, can provide cryptographic guarantees about the build process and its outputs.
- SLSA – Supply-Chain Levels for Software Artifacts
- Dogbolt Decompiler Explorer
- 10 reasons you should quit your HTTP client
The dependency chain is certified! SLSA!
- UEFI Software Bill of Materials Proposal
The things you mentioned are not solved by a typical "SBOM" but e.g. CycloneDX has extra fields to record provenance and pedigree and things like in-toto (https://in-toto.io/) or SLSA (https://slsa.dev/) also aim to work in this field.
I've spent the last six months in this field and people will tell you that this or that is an industry best practice or "a standard" but in my experience none of that is true. Everyone is still trying to figure out how best to protect the software supply chain security and things are still very much in flux.
- Gittuf – a security layer for Git using some concepts introduced by TUF
It's multi-pronged and I imagine adopters may use a subset of features. Broadly, I think folks are going to be interested in a) branch/tag/reference protection rules, b) file protection rules (monorepo or otherwise, though monorepos do pose a very apt use case for gittuf), and c) general key management for those who primarily care about Git signing.
For those who care about a and b, I think the work we want to do to support [in-toto attestations](https://github.com/in-toto/attestation) for [SLSA's upcoming source track](https://github.com/slsa-framework/slsa/issues/956) could be very interesting as well.
- SLSA • Supply-Chain Levels for Software Artifacts
Stats
slsa-framework/slsa is an open source project licensed under GNU General Public License v3.0 or later, which is an OSI-approved license.
The primary programming language of slsa is Shell.