Stars
This is a Rust implementation of an attested OHTTP gateway
Web application that loads a Trivy report in JSON format and displays the vulnerabilities of a single target in an interactive data table.
Dependency Timeline Audit
Resources for the regular meeting of distribution security teams
A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT
Generic NDJSON importer for hashlookup server
Fast lookup server for NSRL and other hash databases used in digital forensics
Analyse a forensic target (such as a directory) to find and report files found and not found in the CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
in-toto is a framework to protect supply chain integrity.
A vulnerability scanner for container images and filesystems
Gives a criticality score for an open source project
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
Go packages built on go-tpm providing a high-level API for using TPMs
Process-based Confidential Container Runtime
A repository to define IETF RATS Concise Reference Integrity Manifest (CoRIM) Data Format Standard for supplying Reference Values and Endorsed Values
Automatically assess and score software repositories for supply chain risk.
Octoscan is a static vulnerability scanner for GitHub action workflows.
Formal specification of attestation mechanisms in Confidential Computing
A CLI tool for interacting with the SEV-SNP guest environment
Tools, scripts, and configuration files necessary to demonstrate an end-to-end remote attestation example with SEV-SNP.
go-sev-guest offers a library to wrap the /dev/sev-guest device in Linux, as well as a library for attestation verification of fundamental components of an attestation report.
Attestation and Secret Delivery Components