Legit Labs

legitify

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

action-download-artifact

:gear: A GitHub Action to download an artifact associated with given workflow and commit or other criteria

gh-legitify

GitHub CLI extension for running "legitify"

homebrew-legit-labs

Brew tap for legit-labs projects

.github

go-github

Go library for accessing the GitHub v3 API

goreleaser

Deliver Go binaries as fast and easily as possible

goreleaser-action

GitHub Action for GoReleaser

legit-provenance-generator

Language-agnostic SLSA provenance generation for Github Actions

legit-remote-provenance

legit-remote-provenance-server

legit-verify-attestation

detect-workflow

A standalone binary to execute the detect-workflow action from slsa-framework/slsa-github-generator

homebrew-core

🍻 Default formulae for the missing package manager for macOS (or Linux)

legit-attestation-uploader

legit-k8s-ac

Legit k8s admission controller for provenance and repository-posture status

legit-oidc

legit-provenance-action

legit-provenance-uploader

legit-provenance-verifier

legit-registry-tools

legit-score

legit-score-verifier

legitify-public-action-demo

scorecard

Security Scorecards - Security health metrics for Open Source

Secret-Scanning-Sampler

tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

wg-best-practices-os-developers

The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.

wrongsecrets

Vulnerable app with examples showing how to not use secrets