[PR #27] [CLOSED] Add proof-of-commitment to Tools section #33

Closed
opened 2026-06-06 15:43:51 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/myugan/awesome-cicd-security/pull/27
Author: @piiiico
Created: 6/5/2026
Status: Closed

Base: mainHead: add-proof-of-commitment


📝 Commits (1)

  • 97d987b Add proof-of-commitment to Tools section

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 README.md (+1 -0)

📄 Description

Summary

  • Adds proof-of-commitment to the Tools section
  • Supply chain security CLI and CI gate that scores npm/PyPI/Cargo/Go packages on behavioral risk signals (publisher depth, release consistency, longevity)
  • Can run as a CI gate (npx -y proof-of-commitment --fail-on=critical), GitHub Action (piiiico/commit-action@v1), or MCP server for AI coding tools

Why it belongs here

proof-of-commitment is a CI/CD security tool that catches risky dependencies before they enter the pipeline — complementing existing tools that focus on workflow misconfigurations and secrets. It evaluates the behavioral trustworthiness of package publishers rather than scanning for known CVEs.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/myugan/awesome-cicd-security/pull/27 **Author:** [@piiiico](https://github.com/piiiico) **Created:** 6/5/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `add-proof-of-commitment` --- ### 📝 Commits (1) - [`97d987b`](https://github.com/myugan/awesome-cicd-security/commit/97d987b92118fc17e58f3650d8ac8df7c0d00fc2) Add proof-of-commitment to Tools section ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `README.md` (+1 -0) </details> ### 📄 Description ## Summary - Adds [proof-of-commitment](https://github.com/piiiico/proof-of-commitment) to the Tools section - Supply chain security CLI and CI gate that scores npm/PyPI/Cargo/Go packages on behavioral risk signals (publisher depth, release consistency, longevity) - Can run as a CI gate (`npx -y proof-of-commitment --fail-on=critical`), GitHub Action (`piiiico/commit-action@v1`), or MCP server for AI coding tools ## Why it belongs here proof-of-commitment is a CI/CD security tool that catches risky dependencies before they enter the pipeline — complementing existing tools that focus on workflow misconfigurations and secrets. It evaluates the *behavioral trustworthiness* of package publishers rather than scanning for known CVEs. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-06 15:43:51 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/awesome-cicd-security#33