Wg-securing-software-https Alternatives

Similar projects and alternatives to wg-securing-software-https

setuptools

21 2,322 9.9 Python wg-securing-software-https VS setuptools

Official project repository for the Setuptools build system
guac

4 1,176 9.8 Go wg-securing-software-https VS guac

GUAC aggregates software security metadata into a high fidelity graph database.
InfluxDB

www.influxdata.com featured

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
encapsule

1 0 6.3 Python wg-securing-software-https VS encapsule
slsa-verifier

2 204 8.4 Go wg-securing-software-https VS slsa-verifier

Verify provenance from SLSA compliant builders

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better wg-securing-software-https alternative or higher similarity.

Suggest an alternative to wg-securing-software-https

wg-securing-software-https reviews and mentions

Posts with mentions or reviews of wg-securing-software-https. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-10-05.

Python 3.12.0 from a supply chain security perspective
5 projects | news.ycombinator.com | 5 Oct 2023

Great question! PyPI already supports Trusted Publishers [1], which gets you most of the benefits of SLSA build provenance (provable link between artifacts and a public software repository). Implementing Trusted Publishers is the recommended first step for ecosystems looking to implement build provenance [2].
[1] https://docs.pypi.org/trusted-publishers/
[2] https://github.com/ossf/wg-securing-software-https://docs.py...
I don't think there's a big effort /right now/ to implement complete SLSA build provenance for PyPI and expose it for users to verify.