Puerco's repositories
advisories
Security advisory data for Wolfi
deployer
A library to discover SBOMs
protobomit
Protobomit is a command line tool designed to manage Software Bill of Materials (SBOM) by adding in-toto attestations as external references.
k8s.io
Kubernetes files for various *.k8s.io sites
test-infra
Test infrastructure for the Kubernetes project.
openvex-community
OpenVEX project community documentation
sbom-convert
Example CLI project to demo API architecture and protobom library
spdx-sbom-generator
Support CI generation of SBOMs via golang tooling.
in-toto-friends
Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.
friends
Sigstore user stories
kubernetes
Production-Grade Container Scheduling and Management
protobom-classic
A serialized version of SBOM data in protobuf
onesbom
OneSBOM: The universal SBOM library
openssf-OpenVEX
Vuln Disclosure WG's new SIG
scan2spdx
A tool to translate image scanning results into an SPDX3 security document.
cncf-memorials
🕯️💐CNCF Community Memorials
knative-test-infra
Test infrastructure for the Knative project
promo-tools
A tool to promote Docker images from one registry to another, based on a declarative YAML manifest
foundry
Open source tools
gh-sbom
Generate SBOMs with gh CLI
purl-spec
A minimal specification for purl, aka a package "mostly universal" URL. Join the discussion at https://gitter.im/package-url/Lobby
chainguard-images
Public Chainguard Images
wolfictl
A CLI used to work with the Wolfi OSS project
melange
build APKs from source code
openvex-examples
Open VEX examples and learning materials