lumjjb

sbom-attest

simple-ocicrypt-keyprovider

slsa

Supply-chain Levels for Software Artifacts

slsa-github-generator-go

bom

A utility to generate SPDX-compliant Bill of Materials manifests

community-vex

OpenVEX project community documentation

go-vex

Go module to generate and transform VEX documents

guac

guac-docs

helm-charts

Helm Chart for deploying GUAC

meetings

This repository stores meetings minutes for the SPDX project

ntia-conformance-checker

Check SPDX SBOM for NTIA minimum elements

osv-test

osv.dev

Open source vulnerability DB and triage service.

people

Stores the data that will populate the various people listings on cncf.io

pipeline

A cloud-native Pipeline resource.

sample-golang-prov

sample-python-app

Let's build a simple containerized python app!

sig-software-supply-chain

SIG Software Supply Chain

spdx-3-model

spdx-examples

Examples of SPDX files for software combinations

spdx-spec

The SPDX specification in MarkDown and HTML formats.

spec

OpenVEX Specification

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

toc

⚖️Technical Oversight Committee (TOC)

tools-golang

Collection of Go packages to work with SPDX files

tools-python

A Python library to parse, validate and create SPDX documents.

vexctl

A tool to create, transform and attest VEX metadata

vuln

[mirror] the database client and tools for the Go vulnerability database

wg-securing-software-repos

OpenSSF Working Group on Securing Software Repositories