Skip to content
Change the repository type filter

All

    Repositories list

    • Integrate OPA Gatekeeper's new ExternalData feature with witness to determine whether the images are valid by verifying them against a witness policy
      Go
      Apache License 2.0
      1334Updated Dec 23, 2024Dec 23, 2024
    • swf

      Public
      Makefile
      Apache License 2.0
      4604Updated Dec 16, 2024Dec 16, 2024
    • Go
      Apache License 2.0
      1300Updated Dec 9, 2024Dec 9, 2024
    • Shows attack and mitigation using witness for GH poisoned cache attacks
      Python
      1000Updated Dec 9, 2024Dec 9, 2024
    • demo-repo

      Public template
      A demo repo to show onboarding to JUDGE
      Dockerfile
      0001Updated Oct 18, 2024Oct 18, 2024
    • JavaScript
      Apache License 2.0
      3721Updated Oct 15, 2024Oct 15, 2024
    • demo0002

      Public
      Dockerfile
      0000Updated Jul 18, 2024Jul 18, 2024
    • demo0001

      Public
      Dockerfile
      0001Updated Jul 13, 2024Jul 13, 2024
    • Go
      Apache License 2.0
      1300Updated Jul 9, 2024Jul 9, 2024
    • JUDGE's fork of go-witness, for upstreaming. Go implementation of witness
      Go
      Apache License 2.0
      21000Updated Jun 15, 2024Jun 15, 2024
    • Judge's fork of Witness, for upstreaming. Witness is a pluggable framework for software supply chain risk management. It automates, normalizes, and verifies software artifact provenance.
      Go
      Apache License 2.0
      60000Updated Jun 4, 2024Jun 4, 2024
    • TypeScript
      Apache License 2.0
      212000Updated May 1, 2024May 1, 2024
    • kratos

      Public
      Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, PassKeys, MFA, FIDO2, TOTP, WebAuthn, profile management, identity schemas, social sign in, registration, account recovery, passwordless. Golang, headless, API-only - without templating or theming headaches. Available as a cloud service.
      Go
      Apache License 2.0
      963001Updated May 1, 2024May 1, 2024
    • RFC3161 Timestamp Authority - JUDGE Fork
      Go
      Apache License 2.0
      39100Updated Apr 30, 2024Apr 30, 2024
    • charts

      Public
      Smarty
      Apache License 2.0
      3311Updated Apr 10, 2024Apr 10, 2024
    • Judge's fork for upstreaming Archivista. Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
      Go
      Apache License 2.0
      25000Updated Apr 10, 2024Apr 10, 2024
    • policy-tool

      Public archive
      utility for creating and validating witness policy
      Go
      1560Updated Apr 1, 2024Apr 1, 2024
    • Red team tool that emulates the SolarWinds CI compromise attack vector.
      Go
      MIT License
      42200Updated Mar 15, 2024Mar 15, 2024
    • Witness Examples
      Shell
      31050Updated Feb 27, 2024Feb 27, 2024
    • library

      Public
      Go
      0000Updated Feb 10, 2024Feb 10, 2024
    • Go
      MIT License
      0001Updated Jan 26, 2024Jan 26, 2024
    • archivista-api

      Public archive
      Go
      Apache License 2.0
      0000Updated Dec 12, 2023Dec 12, 2023
    • HTML
      Apache License 2.0
      0011Updated Dec 6, 2023Dec 6, 2023
    • This is a repository for technical assessments that can be used screening purposes.
      MIT License
      0100Updated Oct 9, 2023Oct 9, 2023
    • go-ima

      Public
      go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems
      Go
      MIT License
      31300Updated Sep 28, 2023Sep 28, 2023
    • A go implementation of in-toto verifylib
      Go
      Other
      51200Updated Sep 20, 2023Sep 20, 2023
    • community

      Public
      Witness and Archivista community information
      Apache License 2.0
      0300Updated Sep 7, 2023Sep 7, 2023
    • galadriel

      Public
      SPIFFE Federation the easy way
      Go
      Apache License 2.0
      16101Updated Aug 26, 2023Aug 26, 2023
    • in-toto

      Public
      in-toto is a framework to protect supply chain integrity.
      Python
      Other
      141100Updated Aug 18, 2023Aug 18, 2023
    • pipeline

      Public
      A cloud-native Pipeline resource.
      Go
      Apache License 2.0
      1.8k101Updated Jul 22, 2023Jul 22, 2023