José Miguel Parrella's starred repositories
sealed-secrets
A Kubernetes controller and tool for one-way encrypted Secrets
package-analysis
Open Source Package Analysis
wg-best-practices-os-developers
The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
blueprint-securesoftwarepipeline
For engineers and security teams driving fast and secure software supply chains
annotate-registry-artifacts
CLI for adding OCI annotations to existing registry artifacts
image-layer-provenance
Container image provenance spec that allows tracing CVEs detected in registry images back to a CVE's source of origin.
SecureSoftwareSupplyChain
This repo is a consolidation of Secure Software Supply Chain resources, such as talks, whitepapers, conferences and more.
oss-ssc-framework
Open Source Software Secure Supply Chain Framework
omega-stracedb
A repository of strace results for lots of packages.
template-analyzer
Template scanner for security misconfiguration and best practices
security-devops-action
Microsoft Security DevOps for GitHub Actions.
Microsoft-Defender-for-Cloud
Welcome to the Microsoft Defender for Cloud community repository
draft-birkholz-scitt-architecture
A specification including problem statement, use cases, requirements, and architectural constituents for a Transparency Service in support of Supply Chain Integrity, Transparency, and Trust
linux-package-repositories
Microsoft Packaged Linux Software (DEBs, RPMs, etc.) is hosted on packages.microsoft.com (PMC) and made available as native Linux repositories for use with package managers like APT, YUM, etc.
awesome-software-supply-chain-security
A compilation of resources in the software supply chain security domain, with emphasis on open source