Carabiner Systems
carabiner.dev
@carabiner.dev
At Carabiner Systems we're busy building the connective tissue that will bind the supply chain security ecosystem 🔗
Then, we verify the #SBOM, a vulnerability scan, and apply signed #VEX documents to suppress any non-exploitable CVEs.

To round it all up, AMPEL issues a VSA for end-user consumption that ships with each artifact, showing how to verify the released binaries.
October 23, 2025 at 2:54 PM
This time, the demo is a full SLSA end-to-end example. The post demonstrates how to leverage AMPEL to verify SLSA Build Track #attestations for the security level of a commit, check the provenance attestation of a builder image, and generate a VSA with the results, protecting the build process.
October 23, 2025 at 2:54 PM
We would love to hear your thoughts and feedback, but only after celebrating with a couple of beers, cheers! 🍻
September 24, 2025 at 5:22 PM
Shout out to @odd.computer for all their work securing open source and helping us operationalize OSS Rebuild with AMPEL 🤗
September 24, 2025 at 5:22 PM
AMPEL is Carabiner's flagship project, and to mark the release cut, we've published a PolicySet example and full demo/tutorial to protect projects from the recent npm credentials compromise with the help of Google's OSS Rebuild project. Check it out here:

github.com/carabiner-de...
GitHub - carabiner-dev/demo-npm-compromise: A sample npm app to verify compromised packages with Google's OSS Rebuild project
September 24, 2025 at 5:22 PM