Our contributions to the infrastructure.
- Maven
- Pypi
- Go
- Github
- search on Github for all commits signed by a given GPG or SSH key
- fix outdated Github workflow template
- keep github action logs forever for transparency and auditability of published software packages
- link to attestation in NPM automated notification emails
- Github SBOMs are not compatible with Grype
- Docker
Applications:
- Key contributions to make go-ethereum / geth reproducible
- Diffoscope