Secure-by-default GitHub template for OSS: signed commits, SHA-pinned actions, SLSA v1.0 provenance, Sigstore keyless signing, npm OIDC publishing.
npm provenance secure-by-default oidc software-supply-chain scorecard release-engineering sbom github-template template-repository slsa supply-chain-security cosign ossf sigstore openssf slsa-provenance sha-pinning trusted-publisher keyless-signing
Updated Jun 9, 2026 - Shell