Stars
Confidential VM Platform Guest attestation sample apps
Catalog of official Microsoft MCP (Model Context Protocol) server implementations for AI-powered data access and tool integration
Dusseldorf is an out-of-band security tool to help in security research.
This is a Rust implementation of an attested OHTTP gateway
Web application that loads a Trivy report in JSON format and displays the vulnerabilities of a single target in an interactive data table.
Dependency Timeline Audit
Resources for the regular meeting of distribution security teams
A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT
Generic NDJSON importer for hashlookup server
Fast lookup server for NSRL and other hash databases used in digital forensics
Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service - https://circl.lu/services/hashlookup/
in-toto is a framework to protect supply chain integrity.
A vulnerability scanner for container images and filesystems
Gives a criticality score for an open source project
🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!
Go packages built on go-tpm providing a high-level API for using TPMs
Process-based Confidential Container Runtime
A repository to define IETF RATS Concise Reference Integrity Manifest (CoRIM) Data Format Standard for supplying Reference Values and Endorsed Values
Automatically assess and score software repositories for supply chain risk.
Octoscan is a static vulnerability scanner for GitHub Actions workflows.
Formal specification of attestation mechanisms in Confidential Computing
A CLI tool for interacting with SEV-SNP guest environment