tuf - A framework for securing software update systems


The Update Framework (TUF) helps developers maintain the security of a software update system, even against attackers that compromise the repository or signing keys. TUF provides a flexible framework and specification that developers can adopt into any software update system. TUF is hosted by the Linux Foundation as part of the Cloud Native Computing Foundation (CNCF) and is used in production by companies such as Docker, DigitalOcean, Flynn, LEAP, Kolide, Cloudflare, and VMware. A variant of TUF called Uptane is widely used to secure over-the-air updates in automobiles.

https://theupdateframework.com/
https://github.com/theupdateframework/tuf

Related Projects

python-tuf - Python reference implementation of The Update Framework (TUF)

  •    Python

This repository is the reference implementation of The Update Framework (TUF). It is written in Python and intended to conform to version 1.0 of the TUF specification. The reference implementation strives to be a readable guide and demonstration for those working on implementing TUF in their own languages, environments, or update systems.

go-tuf - Go implementation of The Update Framework (TUF)

  •    Go

This is a Go implementation of The Update Framework (TUF), a framework for securing software update systems. go-tuf provides a CLI for managing a local TUF repository.

notary - Notary is a project that allows anyone to have trust over arbitrary collections of data

  •    Go

The Notary project has officially been accepted into the Cloud Native Computing Foundation (CNCF). It has moved to https://github.com/theupdateframework/notary. Any downstream consumers should update their Go imports to use this new location, which will be the canonical location going forward. We have moved the repo in GitHub, which will allow existing importers to continue using the old location via GitHub's redirect.

Cryptlib - provides Encryption and Authentication Service

  •    C

cryptlib is a powerful security toolkit that allows even inexperienced crypto programmers to easily add encryption and authentication services to their software. It provides support for S/MIME and PGP/OpenPGP secure enveloping, SSL/TLS and SSH secure sessions, CA services such as CMP, SCEP, RTCS, and OCSP, and other security operations such as secure timestamping.

GOSINT - The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs)

  •    Javascript

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend. Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary.

Dogtag - Certificate System

  •    Java

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system that has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP, and smartcard management. It supports certificate issuance, revocation, and retrieval; Certificate Revocation List (CRL) generation and publishing; encryption key archival and recovery; and much more.

eos - An open source smart contract platform

  •    C++

Welcome to the EOSIO source code repository! This software enables businesses to rapidly build and deploy high-performance and high-security blockchain-based applications. EOSIO is released under the open source MIT license and is offered “AS IS” without warranty of any kind, express or implied. Any security provided by the EOSIO software depends in part on how it is used, configured, and deployed. EOSIO is built upon many third-party libraries such as Binaryen (Apache License) and WAVM (BSD 3-clause) which are also provided “AS IS” without warranty of any kind. Without limiting the generality of the foregoing, Block.one makes no representation or guarantee that EOSIO or any third-party libraries will perform as intended or will be free of errors, bugs or faulty code. Both may fail in large or small ways that could completely or partially limit functionality or compromise computer systems. If you use or implement EOSIO, you do so at your own risk. In no event will Block.one be liable to any party for any damages whatsoever, even if it had been advised of the possibility of damage.

Android-DFU-Library - A library with DFU feature for Android 4.3+.

  •    Java

The nRF5x Series chips are flash-based SoCs, and as such they represent the most flexible solution available. A key feature of the nRF5x Series and their associated software architecture and S-Series SoftDevices is the possibility of Over-The-Air Device Firmware Upgrade (OTA-DFU). See Figure 1. OTA-DFU allows firmware upgrades to be issued and downloaded to products in the field via the cloud, and so enables OEMs to fix bugs and introduce new features to products that are already on the market. This brings added security and flexibility to product development when using the nRF5x Series SoCs. This repository contains a tested library for the Android 4.3+ platform that can be used to perform a Device Firmware Update on an nRF5x device from a phone or tablet.

vuls - Vulnerability scanner for Linux/FreeBSD, agentless, written in Go

  •    Go

For a system administrator, having to perform security vulnerability analysis and software updates on a daily basis can be a burden. To avoid downtime in a production environment, it is common for system administrators to choose not to use the automatic update option provided by the package manager and to perform updates manually. This leads to the following problems. Vuls is a tool created to solve the problems listed above. It has the following characteristics.

Kubernetes_Security_Specialist_Study_Guide

  •    HCL

The CKS is the third Kubernetes based certification backed by the Cloud Native Computing Foundation (CNCF). CKS will join the existing Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD) programs. All three certifications are online, proctored, performance-based exams that will require solving multiple Kubernetes security tasks from the command line. With the massive investment into Kubernetes over the last five years, these certifications continue to be highly sought after by many seeking out technical knowledge about Kubernetes. This repository contains resources to build a Kubernetes cluster, and example questions and answers based on the Certified Kubernetes Security Specialist (CKS) exam curriculum.

mvt - MVT (Mobile Verification Toolkit) helps conduct forensics of mobile devices in order to find signs of a potential compromise

  •    Python

Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices. It has been developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus project along with a technical forensic methodology and forensic evidence.

SKGL - Serial Key Generating Library

  •    DotNet

This project helps you to create a well-working, easy-to-use software licensing system: 20-letter serial keys, feature locking, machine locking, and more.

rails-security-checklist - Community-driven Rails Security Checklist (see our GitHub Issues for the newest checks that aren't yet in the README)

  •    Ruby

This checklist is limited to Rails security precautions and there are many other aspects of running a Rails app that need to be secured (e.g. up-to-date operating system and other software) that this does not cover. Consult a security expert. One aim for this document is to turn it into a community resource much like the Ruby Style Guide.

Moby Project - An open framework to assemble specialized container systems

  •    Go

Moby is an open-source project created by Docker to advance the software containerization movement. It provides a “Lego set” of dozens of components, the framework for assembling them into custom container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.

Software Protector

  •    DotNet

Software Protector is an open source, 100% managed .NET licensing system based on the SKGL project. Generate keys for your software, and validate them using the SKGL library.

Vault - A tool for managing secrets

  •    Go

Vault secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault handles leasing, key revocation, key rolling, and auditing. Vault presents a unified API to access multiple backends: HSMs, AWS IAM, SQL databases, raw key/value, and more.

tikv - Distributed transactional key-value database, originally created to complement TiDB

  •    Rust

TiKV is an open-source, distributed, and transactional key-value database. Unlike other traditional NoSQL systems, TiKV not only provides classical key-value APIs, but also transactional APIs with ACID compliance. Built in Rust and powered by Raft, TiKV was originally created to complement TiDB, a distributed HTAP database compatible with the MySQL protocol. The design of TiKV ('Ti' stands for titanium) is inspired by some great distributed systems from Google, such as BigTable, Spanner, and Percolator, and some of the latest achievements in academia in recent years, such as the Raft consensus algorithm.

caldera - An automated adversary emulation system

  •    Python

CALDERA is an automated adversary emulation system that performs post-compromise adversarial behavior within Windows Enterprise networks. It generates plans during operation using a planning system and a pre-configured adversary model based on the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK™) project. These features allow CALDERA to dynamically operate over a set of systems using variable behavior, which better represents how human adversaries perform operations than systems that follow prescribed sequences of actions. CALDERA is useful for defenders who want to generate real data that represents how an adversary would typically behave within their networks. Since CALDERA's knowledge about a network is gathered during its operation and is used to drive its use of techniques to reach a goal, defenders can get a glimpse into how the intrinsic security dependencies of their network allow an adversary to be successful. CALDERA is useful for identifying new data sources, creating and refining behavioral-based intrusion detection analytics, testing defenses and security configurations, and generating experience for training.

salus - Security scanner coordinator

  •    Ruby

Salus, named after the Roman goddess of protection, is a tool for coordinating the execution of security scanners. You can run Salus on a repository via the Docker daemon and it will determine which scanners are relevant, run them, and provide the output. Most scanners are other mature open source projects which we include directly in the container. Salus is particularly useful for CI/CD pipelines because it becomes a centralized place to coordinate scanning across a large fleet of repositories. Typically, scanners are configured at the repository level for each project. This means that when making org-wide changes to how the scanners are run, each repository must be updated. Instead, you can update Salus and all builds will instantly inherit the change.
