Wg-securing-software-repos Alternatives

Similar projects and alternatives to wg-securing-software-repos

warehouse

274 3,458 9.7 Python wg-securing-software-repos VS warehouse

The Python Package Index
rubygems

211 3,545 9.9 Ruby wg-securing-software-repos VS rubygems

Library packaging and distribution for Ruby.
InfluxDB

www.influxdata.com
sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
RubyGems

25 2,295 9.8 Ruby wg-securing-software-repos VS RubyGems

The Ruby community's gem hosting service.
rfcs

7 41 4.6 wg-securing-software-repos VS rfcs

RubyGems + Bundler RFCs (by rubygems)
gem-compare

2 246 0.0 Ruby wg-securing-software-repos VS gem-compare

A RubyGems plugin that compares versions of the given gem
rfcs

1 6 0.0 wg-securing-software-repos VS rfcs

RubyGems + Bundler RFCs (by Shopify)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better wg-securing-software-repos alternative or higher similarity.

Suggest an alternative to wg-securing-software-repos

wg-securing-software-repos reviews and mentions

Posts with mentions or reviews of wg-securing-software-repos. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-06-13.

Making popular Ruby packages more secure
6 projects | news.ycombinator.com | 13 Jun 2022

RubyGems does have gem signing, but it's not widely used.
There's a proposal for a new "one button" approach using sigstore[0].
Other ecosystems are also looking at sigstore too, and a lot of us are cooperating in the OpenSSF Securing Software Repos WG [1]. Package signing is a regular topic of discussion and there are various efforts underway.
Disclosure: I am involved with both of these.
[0] https://github.com/rubygems/rubygems.org/pull/2944
[1] https://github.com/ossf/wg-securing-software-repos
Unauthorized gem takeover for some gems
7 projects | news.ycombinator.com | 7 May 2022

In particular, check out the Securing Software Repos WG: https://github.com/ossf/wg-securing-software-repos
So far folks have turned up from RubyGems, PyPI, NPM, Maven Central, Drupal and I'm probably forgotten someone.

Stats

Basic wg-securing-software-repos repo stats

Mentions

Stars

Activity

7.1

Last Commit

4 days ago

ossf/wg-securing-software-repos is an open source project licensed under GNU General Public License v3.0 or later which is an OSI approved license.