OSS Rebuild
Securing open-source package ecosystems by originating, validating, and augmenting build attestations.
Cost / License
- Free
- Open Source
Platforms
- Go (Programming Language)
- Linux
- Mac
- Windows
- BSD
Features
Properties
- Security-focused
Features
- CI/CD
- NPM
Tags
- pipeline-integration
- integrity-check
- supply-chain-software
- rebuild
- supply-chain-management
- Supply Chain Security
- source-code-analysis
- software-supply-chain-security
- integrity
- pypi
- data-integrity
- file-integrity
OSS Rebuild News & Activities
Recent News
- POX published news article about OSS Rebuild
Google launches OSS Rebuild to boost trust in open source package securityGoogle has announced OSS Rebuild, a new initiative designed to enhance trust across open source pac...
Recent activities
POX added OSS Rebuild as alternative to RepoFlow, Artifactory, Azure Artifacts and Sonatype Nexus Repository OSS- POX added OSS Rebuild
OSS Rebuild information
Developed by
Google Licensing
Open Source (Apache-2.0) and Free product.Written in
Alternatives
15 alternatives listedSupported Languages
- English
AlternativeTo Categories
Development, Security & PrivacyGitHub repository
- 674 Stars
- 41 Forks
- 102 Open Issues
- Updated
What is OSS Rebuild?
Secure open-source package ecosystems by originating, validating, and augmenting build attestations.
OSS Rebuild aims to apply reproducible build concepts at low-cost and high-scale for open-source package ecosystems.
Rebuilds are derived by analyzing the published metadata and artifacts and are evaluated against the upstream package versions. When successful, build attestations are published for the upstream artifacts, verifying the integrity of the upstream artifact and eliminating many possible sources of compromise.
We currently support the following ecosystems:
- NPM (JavaScript/TypeScript)
- PyPI (Python)
- Crates.io (Rust)
While complete coverage is the aim, only the most popular packages within each ecosystem are currently rebuilt.