# Software Artifact Signing and Verification

> Search results for `sign and verify software artifacts for supply-chain trust` on awesome-repositories.com. 116 total matches; showing the first 50.

Explore on the web: https://awesome-repositories.com/q/sign-and-verify-software-artifacts-for-supply-chain-trust

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/sign-and-verify-software-artifacts-for-supply-chain-trust).**

## Results

- [homebrew/homebrew-core](https://awesome-repositories.com/repository/homebrew-homebrew-core.md) (15,383 ⭐) — This project is a Ruby-based package definition repository that functions as a cross-platform package manager and software dependency resolver for macOS and Linux. It provides a centralized system for installing, updating, and managing software through a Git-based distribution model.

The system distinguishes itself through a binary package distribution network that produces pre-compiled bottles to avoid local compilation from source. It utilizes a Ruby-based domain specific language to define installation recipes and employs a distributed version control architecture to synchronize these defi
- [homebrew/legacy-homebrew](https://awesome-repositories.com/repository/homebrew-legacy-homebrew.md) (26,849 ⭐) — This project is a command line package manager and dependency management engine used for installing, updating, and removing software packages across different operating systems. It functions as a package recipe system and software repository administrator, utilizing declarative scripts to define software sources, build arguments, and installation steps.

The system operates as a binary distribution platform that compiles source code into pre-compiled binaries and distributes them through remote repositories. It includes an automated version tracker that monitors upstream software releases and
- [actions/toolkit](https://awesome-repositories.com/repository/actions-toolkit.md) (5,772 ⭐) — The GitHub ToolKit for developing GitHub Actions.
- [fastlane/fastlane](https://awesome-repositories.com/repository/fastlane-fastlane.md) (41,703 ⭐) — fastlane is a mobile DevOps framework and release automation tool designed to coordinate the building, signing, and distribution of iOS and Android applications. It functions as a build orchestrator and distribution manager that automates the delivery of mobile apps to app stores and testing environments.

The project distinguishes itself through a plugin-based extension model that allows for custom action sets and a specialized system for managing developer resources. It automates the synchronization of code signing certificates and provisioning profiles and handles secure account authenticat
- [cli/cli](https://awesome-repositories.com/repository/cli-cli.md) (44,849 ⭐) — This project is a command-line interface that bridges local development workflows with remote platform services. It functions as a terminal-based platform client, enabling users to manage repositories, issues, and pull requests directly from their command line through authenticated API interactions. The tool provides a modular environment that supports custom binary extensions and command aliases, allowing developers to tailor their terminal experience to specific project needs.

Beyond standard repository management, the tool serves as a remote development manager, offering capabilities to pr
- [c0re100/qbittorrent-enhanced-edition](https://awesome-repositories.com/repository/c0re100-qbittorrent-enhanced-edition.md) (25,128 ⭐) — qBittorrent-Enhanced-Edition is a cross-platform desktop application designed to manage the downloading and uploading of files across peer-to-peer networks. It functions as an open-source file sharer, facilitating the decentralized distribution of digital content by breaking files into smaller pieces for efficient transfer.

The application utilizes a high-performance library to handle complex protocol specifications and employs a mature widget toolkit to provide a consistent native user interface across Windows, macOS, and Linux. It operates as a network traffic manager, incorporating asynchr
- [denysvuika/supply-chain-inspector](https://awesome-repositories.com/repository/denysvuika-supply-chain-inspector.md) (3 ⭐) — A standalone, zero-dependency Node.js script for supply chain security analysis of npm dependencies.
- [vote-and-verify/vote-and-verify](https://awesome-repositories.com/repository/vote-and-verify-vote-and-verify.md) (19 ⭐) — A Vote-and-Verify Strategy for Fast Spatial Verification in Image Retrieval
- [futurice/ios-good-practices](https://awesome-repositories.com/repository/futurice-ios-good-practices.md) (10,976 ⭐) — This project provides a set of development guidelines and architectural recommendations for building iOS applications. It focuses on structuring Swift applications to decouple business logic from the user interface to improve testability and maintenance.

The project covers specific implementation standards for security, such as using keychain storage for sensitive data and TLS certificate pinning for network traffic. It also defines patterns for code quality enforcement through static analysis and compiler configurations, as well as strategies for asset and localization management.

The guide
- [imputnet/cobalt](https://awesome-repositories.com/repository/imputnet-cobalt.md) (41,096 ⭐) — Cobalt is a cross-platform web application designed as a distributed service platform for managing media content downloading. It functions as a full-stack monorepo that integrates a backend API with a responsive frontend, providing a unified interface for users to fetch and save media files from various online platforms.

The project utilizes a modular architecture where backend services, frontend interfaces, and shared logic are organized into decoupled packages within a single repository. This monorepo structure employs centralized workspace orchestration to manage dependencies and cross-pac
- [missing-semester-cn/missing-semester-cn.github.io](https://awesome-repositories.com/repository/missing-semester-cn-missing-semester-cn-github-io.md) (7,311 ⭐) — This is an open-source educational website that translates and localizes MIT's Missing Semester course, teaching practical computing skills for computer science students. The curriculum covers developer tooling, shell scripting, version control, security fundamentals, and open-source collaboration, with a focus on core computing skills including data processing pipelines, workflow automation, secure remote access, shell productivity, Vim editing, and Git version control.

The project distinguishes itself by teaching command-line mastery, shell scripting, and automation to boost daily developer
- [aquasecurity/chain-bench](https://awesome-repositories.com/repository/aquasecurity-chain-bench.md) (774 ⭐) — An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.
- [mattermost/mattermost](https://awesome-repositories.com/repository/mattermost-mattermost.md) (38,139 ⭐) — Mattermost is a self-hosted, enterprise-grade communication platform designed for organizations that require strict control over their internal data and messaging infrastructure. It functions as a centralized hub for real-time team interaction, offering persistent messaging, voice and video conferencing, and integrated project management tools within a single, private workspace. The platform is built to support high-security environments, including air-gapped deployments where public internet access is restricted or unavailable.

The platform distinguishes itself through a focus on regulatory
- [tektoncd/chains](https://awesome-repositories.com/repository/tektoncd-chains.md) (271 ⭐) — Supply Chain Security in Tekton Pipelines
- [pyinstaller/pyinstaller](https://awesome-repositories.com/repository/pyinstaller-pyinstaller.md) (13,019 ⭐) — PyInstaller is a cross-platform binary packager and application freezer that bundles Python scripts and their dependencies into standalone executables. It allows programs to be distributed and run on target operating systems without requiring a local installation of the Python interpreter.

The tool functions as a standalone executable bundler, packaging the application with all necessary modules and libraries into a single file or folder. It includes integration for digital binary signing to satisfy operating system security requirements for distributed software.

The system utilizes static a
- [ibax-io/go-ibax](https://awesome-repositories.com/repository/ibax-io-go-ibax.md) (7,858 ⭐) — go-ibax is a blockchain protocol platform and decentralized application infrastructure used to deploy networks with custom governance and token economics. It provides a foundation for building decentralized applications through a framework that integrates identity management and on-chain data storage.

The project features a multilingual virtual machine capable of executing smart contracts written in Go, Rust, and Solidity. It implements a sharded blockchain network to increase throughput and a privacy layer utilizing zero-knowledge proofs and homomorphic encryption to anonymize transaction da
- [d0ge/sign-saboteur](https://awesome-repositories.com/repository/d0ge-sign-saboteur.md) (167 ⭐) — SignSaboteur is a Burp Suite extension for editing, signing, and verifying various signed web tokens
- [bottlerocket-os/bottlerocket](https://awesome-repositories.com/repository/bottlerocket-os-bottlerocket.md) (9,624 ⭐) — Bottlerocket is a container-optimized operating system and minimal Linux distribution designed specifically for hosting container workloads. It functions as an immutable infrastructure OS, utilizing a read-only root filesystem and atomic partition swapping to ensure consistent and reversible system updates.

The system is distinguished by an API-driven host manager that replaces traditional shell-based configuration with a local REST API for administrative tasks. To maintain security and stability, it employs a dual-runtime isolation model that separates workload runtimes from system operation
- [forensicartifacts/artifacts](https://awesome-repositories.com/repository/forensicartifacts-artifacts.md) (1,240 ⭐) — Digital Forensics artifact repository
- [aquasecurity/trivy](https://awesome-repositories.com/repository/aquasecurity-trivy.md) (36,462 ⭐) — Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure as code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain.

The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
- [cockroachdb/cockroach](https://awesome-repositories.com/repository/cockroachdb-cockroach.md) (32,207 ⭐) — Cockroach is a distributed SQL database designed to scale horizontally across multiple nodes while maintaining strict ACID compliance and global data consistency. It functions as a relational database engine that automatically partitions data into ranges, rebalancing them across a cluster to accommodate growing storage and throughput requirements. By utilizing a distributed consensus protocol, the system ensures that all nodes agree on the order of operations, providing fault tolerance and continuous availability even in the event of hardware failures.

The system distinguishes itself through
- [anchore/syft](https://awesome-repositories.com/repository/anchore-syft.md) (8,399 ⭐) — Syft is a software bill of materials generator, container image scanner, and software dependency catalog. It analyzes container images and filesystems to produce comprehensive inventories of installed packages and dependencies in standard formats. Additionally, it serves as a software attestation tool and an SBOM format converter.

The project distinguishes itself through the ability to create cryptographically signed attestations for software inventories to ensure provenance and integrity. It also provides the capability to transform software bills of materials between different industry sche
- [verifytests/verify](https://awesome-repositories.com/repository/verifytests-verify.md) (3,446 ⭐) — Verify is a snapshot testing tool that simplifies the assertion of complex data models and documents.
- [horrister/axios-supply-chain-cve-2026-26555](https://awesome-repositories.com/repository/horrister-axios-supply-chain-cve-2026-26555.md) (0 ⭐)
- [elastic/elasticsearch](https://awesome-repositories.com/repository/elastic-elasticsearch.md) (77,012 ⭐) — Elasticsearch is a distributed search engine and document store designed for the high-performance indexing and retrieval of massive volumes of unstructured data. It functions as a centralized analytics platform, providing a schema-flexible architecture that organizes information into searchable indices while maintaining global cluster state through a distributed consensus mechanism.

The platform distinguishes itself through its integrated approach to observability, security, and advanced analytics. It combines full-text, vector, and hybrid search capabilities with machine learning-driven insi
- [avelino/awesome-go](https://awesome-repositories.com/repository/avelino-awesome-go.md) (175,576 ⭐) — This project serves as a comprehensive language ecosystem index, functioning as a centralized, community-curated directory for the Go programming language. It organizes a vast landscape of software components, libraries, and development tools into a structured, navigable hierarchy, enabling developers to efficiently discover resources tailored to specific functional domains.

The repository distinguishes itself through a decentralized contribution model, where community-driven updates ensure the index remains current with the rapidly evolving software landscape. Beyond simple resource listing,
- [ncase/trust](https://awesome-repositories.com/repository/ncase-trust.md) (6,225 ⭐) — Trust is a game theory educational simulation and interactive learning tool. It functions as a web-based application designed to teach the mechanics of cooperation and social dynamics through guided discovery and behavioral simulations.

The project is developed as a multilingual educational application, providing localized content and metadata to make game theory instruction accessible to a global audience in multiple languages.

The application utilizes interactive educational content and simulations to explain theoretical concepts, supported by a state-machine driven narrative and client-si
- [docker/compose](https://awesome-repositories.com/repository/docker-compose.md) (37,588 ⭐) — Docker Compose is a tool for defining and running multi-container applications through declarative configuration files. It functions as an application lifecycle manager, coordinating the startup, shutdown, and scaling of interconnected services within isolated environments. By using a standardized configuration format, it enables infrastructure as code, allowing developers to manage complex application stacks and their dependencies in a single, repeatable file.

The project distinguishes itself by integrating directly with the broader Docker platform, leveraging a client-server architecture wh
- [apache/gravitino](https://awesome-repositories.com/repository/apache-gravitino.md) (2,866 ⭐) — Gravitino is a federated metadata lake and unified data catalog designed to manage tables, files, and AI models across diverse data sources and cloud storage. It serves as a centralized interface for governing schemas, access controls, and tagging across relational databases, messaging queues, and object stores.

The project distinguishes itself by unifying the management of AI assets, such as machine learning models and their version lineages, alongside traditional tabular data. It also implements the Iceberg REST specification to provide a standardized metadata server and proxy for lakehouse
- [cargo-bins/cargo-binstall](https://awesome-repositories.com/repository/cargo-bins-cargo-binstall.md) (2,493 ⭐) — cargo-binstall is a toolchain extension and binary artifact manager designed to install pre-compiled Rust binaries from releases. Its primary purpose is to avoid the time and resource costs associated with compiling software from source by fetching pre-built executables.

The tool provides mechanisms for discovering and downloading binaries across different architectures and platforms. It includes capabilities for verifying the authenticity and integrity of downloaded packages using cryptographic signature verification against public keys.

The system supports automated installation in continu
- [actions/upload-artifact](https://awesome-repositories.com/repository/actions-upload-artifact.md) (4,108 ⭐) — Upload Actions Artifacts from your Workflow Runs. Internally powered by @actions/artifact package.
- [goharbor/harbor](https://awesome-repositories.com/repository/goharbor-harbor.md) (28,761 ⭐) — Harbor is a self-hosted, enterprise-grade container registry platform designed to store, sign, and scan container images and cloud-native artifacts. It provides a centralized repository that integrates directly with Kubernetes environments to manage the full lifecycle of software artifacts, from initial storage to production deployment.

The platform distinguishes itself through a focus on security, governance, and multi-site availability. It features a pluggable vulnerability scanning framework that allows for the integration of various security engines, alongside content trust mechanisms tha
- [veggiemonk/awesome-docker](https://awesome-repositories.com/repository/veggiemonk-awesome-docker.md) (36,229 ⭐) — This project is a comprehensive, community-driven directory that serves as a centralized discovery hub for the container ecosystem. It functions as a structured knowledge base, aggregating a wide array of software tools, educational materials, and technical resources designed to assist developers and operators in mastering containerization technologies.

The repository distinguishes itself through a meticulously organized taxonomy that maps the entire container lifecycle, from initial development and image building to orchestration, security, and infrastructure operations. By curating disparat
- [actions/download-artifact](https://awesome-repositories.com/repository/actions-download-artifact.md) (1,858 ⭐) — Download Actions Artifacts from your Workflow Runs. Internally powered by the @actions/artifact package.
- [github/awesome-copilot](https://awesome-repositories.com/repository/github-awesome-copilot.md) (35,119 ⭐) — Awesome Copilot is a comprehensive framework for autonomous software development, providing the infrastructure to orchestrate multi-agent teams and automate complex coding workflows. It functions as a centralized platform for managing AI-driven development, enabling developers to deploy specialized agents that interact with local files, terminal commands, and external APIs to execute end-to-end software delivery tasks.

The project distinguishes itself through its focus on governance and extensibility, offering a suite of security controls, policy-based execution guardrails, and audit trails t
- [curl/curl](https://awesome-repositories.com/repository/curl-curl.md) (42,214 ⭐) — Curl is a command-line tool and portable library for transferring data across a wide range of network protocols. It functions as a unified engine that abstracts diverse communication standards, allowing users and developers to move files and information between servers using a consistent interface. The project provides both a versatile command-line client for terminal-based automation and a stable programmatic interface for integrating complex network operations into applications.

The system is distinguished by its protocol-agnostic core and its ability to manage both synchronous and asynchro
- [ashutoshgngwr/validate-fastlane-supply-metadata](https://awesome-repositories.com/repository/ashutoshgngwr-validate-fastlane-supply-metadata.md) (27 ⭐) — A GitHub Action to statically validate Fastlane metadata for Android (supply).
- [forensicartifacts/artifacts-kb](https://awesome-repositories.com/repository/forensicartifacts-artifacts-kb.md) (90 ⭐) — Digital Forensics Artifacts Knowledge Base
- [clickhouse/clickhouse](https://awesome-repositories.com/repository/clickhouse-clickhouse.md) (48,229 ⭐) — ClickHouse is a high-performance, columnar analytical database designed for real-time query execution and large-scale data aggregation. It functions as a distributed data warehouse capable of processing petabytes of information, while also providing an embedded engine that integrates directly into applications for native query capabilities without external dependencies. The system is built to handle high-throughput ingestion and complex analytical workloads, delivering millisecond-level latency for interactive dashboards and operational monitoring.

The platform distinguishes itself through ad
- [npm/cli](https://awesome-repositories.com/repository/npm-cli.md) (9,846 ⭐) — This project is a command line interface for managing, installing, and publishing JavaScript packages to a remote registry. It serves as a dependency resolution tool, a software registry publishing client, and a security auditor for Node.js development workflows.

The tool distinguishes itself by providing integrated monorepo workspace management and a comprehensive registry authentication client that supports multi-factor authentication. It enables detailed control over the software supply chain through provenance attestations, package signature verification, and the generation of a Software
- [trustwallet/trust-wallet-ios](https://awesome-repositories.com/repository/trustwallet-trust-wallet-ios.md) (1,602 ⭐) — 📱 Trust - Ethereum Wallet and Web3 DApp Browser for iOS
- [meeb/tubesync](https://awesome-repositories.com/repository/meeb-tubesync.md) (2,625 ⭐) — TubeSync is a containerized media management tool and self-hosted archiver designed to automate the downloading and organization of video content from online sources, such as YouTube channels and playlists, into a local library for offline access. It functions as a download manager and metadata generator, utilizing a web interface to manage video subscriptions and synchronization settings.

The system features a rule-based content filter that evaluates video metadata against user-defined conditions to determine which items enter the download queue. To handle restricted or age-gated content, it
- [datahub-project/datahub](https://awesome-repositories.com/repository/datahub-project-datahub.md) (12,141 ⭐) — DataHub is a metadata management platform designed to unify technical, operational, and business context across diverse data ecosystems. By utilizing a graph-based metadata model and an event-driven ingestion architecture, it creates a centralized source of truth that maps complex data relationships, lineage, and ownership. This foundational framework enables organizations to maintain a synchronized view of their data landscape, supporting both human-led discovery and automated data operations.

The platform distinguishes itself through its focus on grounding artificial intelligence and autono
- [cosmos/chain-registry](https://awesome-repositories.com/repository/cosmos-chain-registry.md) (574 ⭐) — This repo contains a chain.json, assetlist.json, and versions.json for a number of cosmos-sdk based chains (and assetlist.json for non-cosmos chains). A chain.json contains data that makes it easy to start running or interacting with a node.
- [googlecontainertools/distroless](https://awesome-repositories.com/repository/googlecontainertools-distroless.md) (22,254 ⭐) — Distroless provides a collection of security-hardened, minimal base container images designed to reduce attack surfaces by excluding non-essential system utilities, package managers, and shells. These images are constructed to contain only an application and its specific runtime dependencies, enforcing the principle of least privilege by configuring environments for non-root execution.

The project distinguishes itself through a focus on supply chain integrity and reproducible builds. It utilizes declarative build configurations to track package versions and validates container image integrity
- [emqx/emqx](https://awesome-repositories.com/repository/emqx-emqx.md) (16,422 ⭐) — This project is a high-performance MQTT broker and IoT data platform designed to manage millions of concurrent device connections. It provides a scalable infrastructure for ingesting, processing, and routing telemetry data across distributed systems, utilizing an actor-based concurrency model to maintain high availability and state synchronization across cluster nodes.

The platform distinguishes itself through integrated stream processing and edge computing capabilities. It allows users to execute declarative SQL-based rules directly against incoming message streams for real-time filtering, t
- [googlecontainertools/skaffold](https://awesome-repositories.com/repository/googlecontainertools-skaffold.md) (15,856 ⭐) — Skaffold is a command-line tool that automates the build, push, and deployment lifecycle for containerized applications on Kubernetes. It functions as a continuous development engine, monitoring source code for changes to trigger incremental updates, manifest hydration, and automated deployments to a cluster. By abstracting the underlying build and deployment tools, it provides a unified interface for managing the inner development loop.

The platform distinguishes itself through its environment-aware configuration and flexible build orchestration. It supports diverse build strategies, includi
- [googlecloudplatform/distroless](https://awesome-repositories.com/repository/googlecloudplatform-distroless.md) (22,774 ⭐) — Distroless provides a set of OCI-compliant minimal base images and hardening tools designed to create secure, language-specific execution environments. These images are stripped of non-essential system binaries, shells, and package managers to reduce the container attack surface.

The project utilizes upstream-tracked automated patching to monitor operating system releases and generate updated images when security vulnerabilities are addressed. It ensures supply chain integrity through image provenance verification using ephemeral-key digital signatures.

The system supports the generation of
- [stemmlerjs/software-design-and-architecture-roadmap](https://awesome-repositories.com/repository/stemmlerjs-software-design-and-architecture-roadmap.md) (3,402 ⭐) — 🧱 The software design and architecture roadmap for any developer
- [fatih/vim-go](https://awesome-repositories.com/repository/fatih-vim-go.md) (16,242 ⭐) — This project is a comprehensive development plugin for the Vim text editor, designed to transform the editor into a specialized environment for Go software development. It provides a suite of integrated tools that facilitate the entire development lifecycle, including writing, maintaining, and navigating Go source code.

The plugin distinguishes itself by orchestrating external command-line binaries and language servers to perform heavy analysis, compilation, and formatting tasks as background processes. By mapping editor events to these external tools and utilizing virtual file system synchro
