Business Software for Chainguard

GitHub is the world’s most secure, most scalable, and most loved developer platform. Join millions of developers and businesses building the software that powers the world. Build with the world’s most innovative communities, backed by our best tools, support, and services. If you manage multiple contributors , there’s a free option: GitHub Team for Open Source. We also run GitHub Sponsors, where we help fund your work. The Pack is back. We’ve partnered up to give students and teachers free access to the best developer tools—for the school year and beyond. Work for a government-recognized nonprofit, association, or 501(c)(3)? Get a discounted Organization account on us.

GitLab is a complete DevOps platform. With GitLab, you get a complete CI/CD toolchain out-of-the-box. One interface. One conversation. One permission model. GitLab is a complete DevOps platform, delivered as a single application, fundamentally changing the way Development, Security, and Ops teams collaborate. GitLab helps teams accelerate software delivery from weeks to minutes, reduce development costs, and reduce the risk of application vulnerabilities while increasing developer productivity. Source code management enables coordination, sharing and collaboration across the entire software development team. Track and merge branches, audit changes and enable concurrent work, to accelerate software delivery. Review code, discuss changes, share knowledge, and identify defects in code among distributed teams via asynchronous review and commenting. Automate, track and report code reviews.

The leading open source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. As an extensible automation server, Jenkins can be used as a simple CI server or turned into the continuous delivery hub for any project. Jenkins is a self-contained Java-based program, ready to run out-of-the-box, with packages for Windows, Linux, macOS and other Unix-like operating systems. Jenkins can be easily set up and configured via its web interface, which includes on-the-fly error checks and built-in help. With hundreds of plugins in the Update Center, Jenkins integrates with practically every tool in the continuous integration and continuous delivery toolchain. Jenkins can be extended via its plugin architecture, providing nearly infinite possibilities for what Jenkins can do. Jenkins can easily distribute work across multiple machines, helping drive builds, tests and deployments across multiple platforms faster.

Bamboo offers first-class support for the "delivery" aspect of continuous delivery. Deployment projects automate the tedium right out of releasing into each environment, while letting you control the flow with per-environment permissions.

Automate your development process with CI hosted in the cloud or on a private server. Take control of your code and manage every source of change. CircleCI means change validation, at every step. Trust that you can release updates right when your customers need them, with the certainty they’ll work every time. The power to create without limits. Code in every language and across multiple execution environments. If you can write it, we can build, test, and deploy it. With flexible environments and thousands of pre-built integrations, your pipelines never limit the possibility of what you can deliver. We’re the only CI/CD platform that’s FedRAMP certified and SOC 2 Type II compliant. Built-in features like audit logs, OpenID Connect, third-party secrets management, and LDAP give you complete control of your code.

Run the open-source buildkite-agent on your own infrastructure for maximum speed, control, and security. The agent checks out your source code, executes custom hooks and overrides, and then runs your build jobs. Your source code never leaves your infrastructure. You can install the agent using one of our packages and binaries for almost every platform and architecture, including Ubuntu, Debian, Mac, Windows, Docker, and more. The agent’s artifact and meta-data storage allows for share-nothing, state-free build jobs that can be easily distributed and scaled across any number of agents. Run as many build agents as you need (up to 10,000 connected per account), without breaking a sweat. The open-source Elastic CI Stack for AWS gives you an easy-to-maintain, elastically scaling CI stack in your own AWS account. Or if you prefer to roll your own, you can use the tools you’re already familiar with in your production environments (such as Packer and Terraform).

OWASP CycloneDX is a lightweight Software Bill of Materials (SBOM) standard designed for use in application security contexts and supply chain component analysis. Strategic direction and maintenance of the specification is managed by the CycloneDX Core working group, with origins in the OWASP community. A complete and accurate inventory of all first-party and third-party components is essential for risk identification. BOMs should ideally contain all direct and transitive components and the dependency relationships between them. Adopting CycloneDX allows organizations to quickly meet these minimum requirements and mature into using more sophisticated use cases over time. CycloneDX is capable of achieving all SBOM requirements defined in the OWASP Software Component Verification Standard (SCVS).