adityasaky

essd

A simple tool to sign and verify using DSSE

adityasaky

All the cool kids are doing it, so why not?

cncf-gitdm

📜Fork for tracking CNCF projects

cncf-mentoring

👩🏿‍🎓👨🏽‍🎓👩🏻‍🎓CNCF Mentoring + CommunityBridge + Summer of Code

cncf-tag-security

🔐CNCF Special Interest Group on Security -- secure access, policy control, privacy, auditing, explainability and more!

dsse

A specification for signing methods and formats used by Secure Systems Lab projects.

gitsign

Keyless Git signing using Sigstore

gittuf-lua-prototype

go-git

A highly extensible Git implementation in pure Go.

go-git-fixtures

Several git fixtures to run go-git tests

go-securesystemslib

Cryptographic and general-purpose routines for Golang Secure Systems Lab projects at NYU

in-toto

in-toto is a framework to protect supply chain integrity.

in-toto-attestation

ITE-6 Attestation Definitions

in-toto-demo

Securing Alice's, Bob's and Carl's software supply chain using in-toto

in-toto-docs

Specification and other related documents.

in-toto-golang

A go implementation of in-toto verifylib

in-toto-java

A Java implementation of in-toto runlib

in-toto-rs

A rust implementation of in-toto

in-toto.io

ITE

in-toto Enhancements

nyu-arch-repo

ossf-tac

Technical Advisory Council

ossf-wg-supply-chain-integrity

Our objective is to enable open source maintainers, contributors and end-users to understand and make decisions on the provenance of the code they maintain, produce and use.

python-tuf

A framework for securing software update systems

sigstore

Common library shared across sigstore services

sigstore-protobuf-specs

Protocol Buffer specifications

slsa

Supply-chain Levels for Software Artifacts

tuf-specification

The Update Framework specification

tuf-taps

TUF Augmentation Proposals (TAPs)

uptane-pures

Proposed Uptane Revisions and Enchancements (PUREs)