Libraries tagged by supply-chain
dgtlss/warden
63546 Downloads
A Laravel package that proactively monitors your dependencies for security vulnerabilities by running automated composer audits and sending notifications via webhooks and email
cotonet/soak-time
9850 Downloads
Protects against supply chain attacks by filtering recently published packages.
k2gl/tuf
1584 Downloads
TUF (The Update Framework) client for PHP: fetch and verify signed metadata and targets
k2gl/sigstore-verify
937 Downloads
Offline Sigstore bundle verifier for PHP (Fulcio, Rekor, identity policy)
k2gl/sigstore-bundle
541 Downloads
Build Sigstore bundles (.sigstore.json) in PHP — the counterpart to verification, emitting DSSE and message-signature bundles
k2gl/rekor-client
396 Downloads
A PSR-18 client for the Rekor v2 transparency log — submit entries and read checkpoints in PHP
k2gl/in-toto-attestation
1917 Downloads
Build, sign and verify in-toto attestation Statements (v1 and v0.1) in PHP
k2gl/dsse
2647 Downloads
Sign and verify DSSE (Dead Simple Signing Envelope) payloads in PHP, with pluggable keys
k2gl/composer-attest
555 Downloads
Composer plugin that verifies GitHub build-provenance attestations for the packages you install
innobrain/soak-time
1686 Downloads
Protects against supply chain attacks by filtering recently published packages.
k2gl/slsa-provenance
324 Downloads
SLSA Provenance predicates (v1 and v0.2) for PHP
k2gl/sigstore-sign
176 Downloads
Sign artifacts and attestations with Sigstore from PHP — sign, log to Rekor, timestamp, and assemble a bundle
encoredigitalgroup/heimdall
311 Downloads
Heimdall — a Composer plugin that guards the bridge between Packagist and your vendor directory against supply chain attacks.
k2gl/sshsig
17 Downloads
Pure-PHP SSHSIG signing and verification, compatible with ssh-keygen -Y
k2gl/openvex
4 Downloads
Read, write and canonicalize OpenVEX documents in PHP