puerco

bomshell

An query language and interactive tooling to work with SBOM data.

discovery-old

OpenVEX Discovery Module

protobom

A universal SBOM representation in protocol buffers

security-insights-go

Libraries to read and write the openssf's security insights data

bind

Sign and package an attestation into a sigstore bundle

bom-shelter

A place to systematically store software bill of materials (SBOM) documents.

cfp

CFP documents and materials

cilium

eBPF-based Networking, Security, and Observability

demo-repo-python

A simple python demo repository

golang-vuln

[mirror] the database client and tools for the Go vulnerability database

grype

A vulnerability scanner for container images and filesystems

ko

Build and deploy Go applications on Kubernetes

kueue

Kubernetes-native Job Queueing

lab

Pruebas misc

mentoring

👩🏿‍🎓👨🏽‍🎓👩🏻‍🎓CNCF Mentoring: LFX Mentorship + Summer of Code

minder

Software Supply Chain Security Platform

minder-rules-and-profiles

A repository containing Minder rules and profiles recommended by your friends at Stacklok

openvex-spec

OpenVEX Specification

protobom-storage

Storage backends for protobom

protobuf-specs

Protocol Buffer specifications

release-utils

setup-trusty-attest

Set up the trusty attester

sigstore-go

Go library for Sigstore signing and verification

spdx-3-model

syft

CLI tool and library for generating a Software Bill of Materials from container images and filesystems

trusty-action

Trusty Dependency Analysis Action

trusty-attest

A utility to create attestations recording trusty dependency scores.

trusty-cli

A command line tool to interact with Trusty

trusty-sdk-go

A Golang SDK for trusty

vexctl

A tool to create, transform and attest VEX metadata