puerco

advisories

Security advisory data for Wolfi

deployer

A library to discover SBOMs

protobomit

Protobomit is a command line tool designed to manage Software Bill of Materials (SBOM) by adding in-toto attestations as an external references.

k8s.io

Kubernetes files for various *.k8s.io sites

test-infra

Test infrastructure for the Kubernetes project.

openvex-community

OpenVEX project community documentation

sbom-convert

Example CLI project to demo API architecture and protobom library

spdx-sbom-generator

Support CI generation of SBOMs via golang tooling.

in-toto-friends

Friends of in-toto! A place to record integrations and adoptions of the in-toto specification.

friends

Sigstore user stories

kubernetes

Production-Grade Container Scheduling and Management

protobom-classic

A serialized version of SBOM data in protobuf

onesbom

OneSBOM: The universal SBOM library

openssf-OpenVEX

Vuln Disclosure WG's new SIG

scan2spdx

A tool to translate image scanning results into an SDPX3 security document.

openvex-dot-github

cncf-memorials

🕯️💐CNCF Community Memorials

gor

The ultimate time saver for go programmers

knative-test-infra

Test infrastructure for the Knative project

promo-tools

A tool to promote Docker images from one registry to another, based on a declarative YAML manifest

tejolote

A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.

circuit-lab

foundry

Open source tools

gh-sbom

Generate SBOMs with gh CLI

purl-spec

A minimal specification for purl aka. a package "mostly universal" URL, join the discussion at https://gitter.im/package-url/Lobby

apko

chainguard-images

Public Chainguard Images

wolfictl

A CLI used to work with the Wolfi OSS project

melange

build APKs from source code

openvex-examples

Open VEX examples and learning materials