Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
-
Updated
Jun 16, 2025 - Go
#
attestation
Here are 28 public repositories matching this topic...
Evidence store and policy engine for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
security open-source-licensing compliance license spdx attestation devsecops ospo oss-compliance sbom in-toto cyclonedx slsa supply-chain-security sbom-distribution slsa-provenance metadata-platform sbom-discovery regulated-industry
-
Updated
Jun 18, 2025 - Go
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
-
Updated
Apr 23, 2024 - Go
A highly configurable build executor and observer designed to generate signed SLSA provenance attestations about build runs.
-
Updated
Jun 18, 2025 - Go
SSH Certificate Authority with device attestation
-
Updated
Aug 31, 2024 - Go
vexctl is a tool to attest VEX impact statements
-
Updated
Mar 27, 2023 - Go
An OIDC authorization server building blocks with security and privacy by design philosophy.
-
Updated
Jul 30, 2024 - Go
An experimental (but fully functional) Remote Attestation Engine and Applications for TPM2.0 based systems (cloud, edge, IoT etc)
iot security cloud ietf uefi trust tpm tpm2 coreboot txt attestation rats edge-computing integrity-checker
-
Updated
Jan 24, 2024 - Go
Verify and assert policy on YubiKey attestation certificates
-
Updated
May 6, 2025 - Go
Platform software for Trusted Computing - TPM 2.0, Certificate Authority, and Web Services required to perform Local and Remote Attestation, provision, deploy, manage, and secure connected devices and networks at scale.
raspberry-pi iot arduino automation provisioning iot-platform certificate-authority tpm2 attestation trusted-platform-module security-automation hardware-security-module trusted-execution trusted-computing devops-platform
-
Updated
Apr 7, 2025 - Go
Library to create, verify, and evaluate policy for attestations on container images
-
Updated
Dec 2, 2024 - Go
🔴🟡🟢 The Amazing Multipurpose Policy Engine (and L)
-
Updated
Jun 21, 2025 - Go
Easy non-interactive initialization of a YubiKey's OpenPGP mode using sane settings and Ed25519/Curve25519 keys, ready for SSH use and attestation.
-
Updated
Apr 24, 2023 - Go
Sign and package attestations in sigstore bundles
-
Updated
Jun 21, 2025 - Go
Jane Attestation Server
security arm forensics uefi mars cca trust ccc sgx tpm tpm2 attestation trustzone tdx sgx-enclaves confidential-computing confidential-container confidential-compute
-
Updated
Jun 3, 2025 - Go
Gofeas is a working Go client for Grafeas
-
Updated
Mar 2, 2020 - Go
Improve this page
Add a description, image, and links to the attestation topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the attestation topic, visit your repo's landing page and select "manage topics."