Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
-
Updated
Mar 19, 2025 - Go
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Example goreleaser + github actions config with keyless signing, SBOM generation, and attestations
Example project using SLSA 3 Generic Generator with GoReleaser
A Jenkins plugin to create SLSA provenance attestations
Generates SBOMs remotely in a verifiable manner (SLSA Build L3)
Sign and package attestations in sigstore bundles
Create SLSA Provenance from nix flake
Buildkite plugin that generates a SLSA Provenance attestation for a build step
SLSA generate and verify provenance demo
Jenkins Shared Library
Ensignia Provenance Upload Action
Add a description, image, and links to the slsa-provenance topic page so that developers can more easily learn about it.
To associate your repository with the slsa-provenance topic, visit your repo's landing page and select "manage topics."