10 dépôts
Verifying PGP signatures of Git commits and tags to ensure the authenticity of the source.
Distinct from Alternative Signature Verifiers: Specific to Git commit/tag verification, distinct from webhook or firmware signature verification.
Explore 10 awesome GitHub repositories matching security & cryptography · Git Commit Signature Verification. Refine with filters or upvote what's useful.
This project is a comprehensive hardware security guide for using YubiKey tokens to manage encryption, digital signatures, and secure authentication. It provides technical instructions for configuring hardware security modules to handle digital identity and cryptographic materials. The documentation focuses on the implementation of OpenPGP and SSH workflows, specifically covering the creation of master key hierarchies, the rotation of subkeys, and the use of hardware-backed keys for secure shell connections. It also details methods for verifying code authorship through signed Git commits and
Provides a technical walkthrough for signing Git commits and tags using hardware-backed PGP keys to verify authorship.
Ungit is a web-based graphical interface and version control client for managing Git repositories. It provides a visual dashboard for performing version control operations, staging changes, and committing files without using a terminal. The project integrates third-party merge utilities to resolve file conflicts and includes a system for signing and verifying the authenticity of code contributions using PGP encryption keys. The interface maintains synchronization with the local filesystem by monitoring directory changes in real time to update the repository state. It interfaces with the unde
Verifies PGP signatures of Git commits to ensure the authenticity of code contributions.
git-standup is a command line interface tool that functions as a git commit activity summarizer and version control report generator. It aggregates commit messages and metadata from one or multiple repositories to track work activity and generate daily standup reports. The tool differentiates itself by providing multi-repository aggregation, scanning directories to compile a combined activity report across several projects. It includes features to synchronize remote data across these projects and utilizes a configurable work week schedule to calculate date ranges between workdays. The capabi
Enables reviewing commit metadata and change statistics for contributors and branches over specific timeframes.
Flux is a Kubernetes GitOps delivery tool used to automate application deployments by synchronizing cluster state with configurations stored in Git, OCI, or Helm repositories. It functions as a set of controllers that monitor desired state in external sources and continuously reconcile the live cluster to match those definitions. The system distinguishes itself through a multi-cluster management plane that coordinates application delivery across fleets of remote clusters from a central hub. It provides a dedicated mechanism for automated image updates, which scans container registries for new
Checks PGP signatures of Git commit or tag objects against trusted keys.
Flux is a Kubernetes GitOps controller and deployment engine that synchronizes cluster state with configurations stored in a Git repository. It serves as a system for continuous delivery, utilizing a manifest generator to create configuration files from templates and a reconciliation loop to ensure the live environment matches the desired state defined in versioned repositories. The project distinguishes itself through a container image automator that scans registries and updates manifests based on semantic versioning or regular expressions. It incorporates secure configuration deployment via
Validates cryptographic GPG signatures on incoming Git commits to ensure delivery pipeline integrity.
This project is a comprehensive guide to Git version control standards and best practices. It provides a set of instructions for writing professional commit messages and managing repository history to ensure project maintainability. The documentation covers the standardization of commit messages through specific rules for mood, capitalization, and structural separation of subjects and bodies. It also includes guidelines for composing pull request summaries and cover letters to provide maintainers with necessary technical context and logic. The guide extends to repository security and history
Instructions for verifying PGP signatures of commits and tags to ensure source authenticity.
itpol est un framework pour la gestion des clés cryptographiques, les politiques de signature numérique et le durcissement de la sécurité. Il fournit une bibliothèque de modèles de politiques IT et des frameworks d'accès à l'infrastructure pour établir des directives de sécurité organisationnelles et la gouvernance. Le projet se concentre sur la gestion de l'identité cryptographique via l'utilisation de clés PGP et SSH, ainsi qu'un guide de durcissement de la sécurité pour les postes de travail. Il définit des standards pour la sécurité de la chaîne d'approvisionnement logicielle, spécifiquement concernant la signature des commits de code et des versions logicielles pour assurer la provenance. Le système couvre un large éventail de capacités de sécurité, incluant l'implémentation de l'authentification multi-facteurs, le chiffrement de disque et la sécurité du bootloader. Il aborde également les flux de travail de communication sécurisés pour la messagerie chiffrée et l'e-mail, ainsi que la gestion des modules de sécurité matériels (HSM) et les stratégies de sauvegarde zéro-connaissance.
Provides guidelines for verifying PGP signatures on Git commits and tags to prevent malicious alterations.
Ce projet est une implémentation native du système de contrôle de version Git pour les applications Go. Il fournit une API programmable et un ensemble d'outils de plomberie de bas niveau qui permet aux développeurs de gérer des dépôts, de manipuler des graphes d'objets et d'effectuer des opérations de contrôle de version sans nécessiter de binaires système externes ou de liaisons C. La bibliothèque se distingue par ses couches de stockage et de réseau flexibles, dotées d'un système de fichiers virtuel qui permet la gestion de dépôts en mémoire pour contourner les E/S disque. Elle prend en charge des transports réseau enfichables et des backends de stockage basés sur des interfaces, permettant des implémentations propriétaires personnalisées de la manière dont les objets de données et les références sont persistés et échangés. La surface de capacité couvre la gestion de dépôt de haut niveau — incluant le clonage, le commit, le push et le pull — parallèlement à une analyse détaillée de l'historique et de l'attribution. Elle inclut également des fonctionnalités de sécurité pour la signature de commit et la vérification de signature cryptographique, ainsi que des utilitaires pour la gestion des sous-modules et la recherche de contenu de dépôt.
Includes a utility to verify PGP signatures of Git commits and tags to ensure authenticity.
git-who is a Git contribution analysis tool designed to identify the primary owners of files and directories by analyzing commit history and file trees. It functions as an ownership mapper and statistics generator that calculates commit volumes and line counts to determine responsibility for specific subsystems. The tool distinguishes itself by mapping directory trees to their most active contributors and generating chronological visualizations, such as bar charts, to show how dominant author shares have shifted over time. It resolves fragmented author names and email addresses into single un
The tool calculates the total volume of work contributed by authors sorted by lines added, files changed, or modification dates.
RL-Swarm is a decentralized reinforcement learning framework designed to coordinate distributed machine learning agents across peer-to-peer networks. It functions as a distributed computing orchestrator that manages multi-agent roles and hardware resources to facilitate large-scale collaborative training. By anchoring training processes in cryptographic verification and decentralized contracts, the system ensures that model development remains transparent, verifiable, and resistant to manipulation. The platform distinguishes itself through a multi-agent expert coordination model that organize
Logs participant contributions to a digital identity to create a transparent and verifiable record of training performance.