Tom Meadows's Projects
Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for software artifacts.
Integrate OPA Gatekeeper's new ExternalData feature with witness to determine whether the images are valid by verifying them against a witness policy
Declarative continuous deployment for Kubernetes.
ArgoProj Helm Charts
Workflow engine for Kubernetes
Create Attestations for Kubernetes Pods using Tetragon events
where I write about stuff
Trying to build with Nix and home-manager
Supply Chain Security in Tekton Pipelines
Config files for my GitHub profile.
in-toto is a framework to secure the software supply chain.
Container Signing
š® āļø to integrate OPA Gatekeeper's new ExternalData feature with cosign to determine whether the images are valid by verifying their signatures
A Kubernetes CSI plugin to automatically mount SPIFFE certificates to Pods using ephemeral volumes
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge.
Command-line tools for Dapr.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
Trust Dexter to ensure that all your images are pinned by digest for better security
DefectDojo is an open-source DevSecOps and vulnerability management tool.
My configs for the tools I use
Go implementation of witness
GitHub Action for GoReleaser
OpenSourced Helm charts
Renovation of Home Lab Infrastructure
a test repo for merging the docs of the in-toto repositories
The shared repository for the in-toto website that exposes the documentation of projects across in-toto
Specification and other related documents.
First Project (Further Digital)
A modern load testing tool, using Go and JavaScript - https://k6.io