Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks

Last update: May 4, 2023

Related tags

Overview

Spector

Spector is both tooling and a library for the generation, validation and verification of supply chain metadata documents and frameworks. Many tools generate non-compliant SBOMs or attestations. It currently supports

Library

You can include spector as a library when writing generators for SLSA or other supported document types. It can provide the serialization & deserialization for SLSA attestations, assuring that they are properly to spec before you go further in the process.

Tooling

Spector is still early on and doesn't have an official release yet.

You can run:

cargo run validate in-toto-v1 slsa-provenance-v1 --file tests/fixtures/slsa_provenance_v1.json

You can replace the slsa_provenance_v1.json with another in-toto statement and even an invalid one to verify the correctness of the document.

Developing and Building

Spector is written in Rust, and built with cargo Check out the code and run cargo build or cargo test.

You might also like...

🏭 Convert Markdown documents into themed HTML pages with support for code syntax highlighting, LaTeX and Mermaid diagrams.

Marky Markdown Magician 🧙 Features Hot reload previewing 🔥 Conversion to HTML / PDF 🏭 Themes! ✨ Extensions - Math, diagrams, syntax-highlighting 🧩

12 Feb 19, 2023

A tool to format codeblocks inside markdown and org documents.

cbfmt (codeblock format) A tool to format codeblocks inside markdown, org, and restructuredtext documents. It iterates over all codeblocks, and format

126 May 26, 2023

A tool to compare how Typst documents would look using different fonts or font variants.

typst-font-compare A tool to compare how Typst documents would look using different fonts or font variants. Installation cargo install --path . Usage

3 Feb 15, 2024

Shellfirm - Intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification

shellfirm Opppppsss you did it again? 😱 😱 😰 Protect yourself from yourself! rm -rf * git reset --hard before saving? kubectl delete ns which going

652 Dec 29, 2022

Comments

Split in-toto attestation statement from SLSA predicate

Since this will probably end up supporting multiple in-toto attestation types, it will be worthwhile to split them apart so that we can have multiple predicates.

opened by mlieberman85 1
Use anyhow for custom errors

Anyhow isn't required for all errors, only when various functions can end up needing to deal with multiple error types, e.g. io and serde_json and we stil want to pass the error message along. I anticipate it will mostly be used to pass error messages onto the user in the cli.

opened by mlieberman85 0
Figure out a way to show all fields that have serialization errors not just the first one

Serde short circuits once it finds a field it can't deserialize into and returns the error. It would be nice to record all the errors and return the list of errors to the user so they know all the fields that are incorrect.

opened by mlieberman85 0
Support de(serialization) of hash types

There are multiple hash types supported by v1.0 of the in-toto attestation spec: https://github.com/in-toto/attestation/blob/main/spec/v1.0/digest_set.md

opened by mlieberman85 0

Tooling and library for generation, validation and verification of supply chain metadata documents and frameworks

Related tags

Overview

Spector

Library

Tooling

Developing and Building

You might also like...

🏭 Convert Markdown documents into themed HTML pages with support for code syntax highlighting, LaTeX and Mermaid diagrams.

A tool to format codeblocks inside markdown and org documents.

A tool to compare how Typst documents would look using different fonts or font variants.

Shellfirm - Intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification

sg = Steam Guard, access sg verification code locally.

A Python package written in Rust for email verification without sending any emails.

Chemical structure generation for protein sequences as SMILES string.

Next-generation, type-safe CLI parser for Rust

EVA ICS v4 is a new-generation Industrial-IoT platform for Industry-4.0 automated control systems.

Comments

Split in-toto attestation statement from SLSA predicate

Use anyhow for custom errors

Figure out a way to show all fields that have serialization errors not just the first one

Support de(serialization) of hash types

Owner

Kusari

Following "ZK HACK III - Building On-chain Apps Off-chain Using RISC Zero"

tmplt is a command-line interface tool that allows you to quickly and easily set up project templates for various programming languages and frameworks

Mercy is a public Rust crate created to assist with building cybersecurity frameworks, assessment tools, and numerous other projects

Mercy is a public Rust crate created to assist with building cybersecurity frameworks, assessment tools, and numerous other projects

A command line tool for building and running custom web frameworks with Deno in mind.

Transform jsx/tsx files to reactive views in js/ts to use in Web Components, insert into DOM or integrate with other libraries/frameworks

A server software designed for fetching Minecraft and Minecraft-related metadata

niwl - a prototype system for open, decentralized, metadata resistant communication

subscript metadata to mpeg-ts

Simple, cross-platform GameMaker lib for getting file metadata