Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/buildsec/vendorme
https://github.com/buildsec/vendorme
Last synced: 2 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/buildsec/vendorme
- Owner: buildsec
- License: other
- Created: 2021-11-10T01:48:54.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-07-05T17:26:25.000Z (7 months ago)
- Last Synced: 2024-07-15T18:04:09.896Z (6 months ago)
- Language: Go
- Size: 591 KB
- Stars: 7
- Watchers: 6
- Forks: 2
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-software-supply-chain-security - buildsec/vendorme
README
# vendorme
Vendorme is a tool that makes vendoring your project easier to do. It improves the developer workflow by giving you one single place to manage any vendored dependencies, and ensures that those are validated properly to improve the security around your supply chain.
## Installation
With go 1.16 installed, run
`go install github.com/buildsec/vendorme@latest`
## How it works
Vendorme takes a basic definition of what you want to vendor, and how to validate it. It will then go through your file - see [example](example/vendor.yaml)
Currently it only supports [rekor](https://github.com/sigstore/rekor) validations.
## Useage
`vendorme pull` will default to looking for a **vendor.yaml**
otherwise `vendorme pull yourvendorfile.yaml`