dalec
by Azure
Dalec provides a secure, declarative way to build system packages and containers with a focus on supply chain security.
📦 Produce secure packages and containers with declarative configurations
Primary Use Case
Dalec is used by developers and DevOps teams to create secure packages and container images through declarative configurations, ensuring supply chain integrity. It is especially useful for organizations aiming to minimize vulnerabilities and maintain provenance and SBOMs during build processes.
- No additional tools needed except Docker
- Easy to use declarative configuration
- Supports building packages and containers for DEB-based and RPM-based Linux distributions
- Cross compilation support for Windows containers
- Pluggable support for other operating systems
- Produces minimal image sizes to reduce vulnerabilities and attack surface
- Supports signed packages
- Generates build-time SBOMs and provenance attestations for supply chain security
Installation
- Install Docker from https://docs.docker.com/engine/install/
- Refer to Dalec documentation at https://azure.github.io/dalec/ for detailed setup and usage instructions
- Integrate Dalec into CI/CD pipelines to automate secure package and container builds, reducing human error and supply chain risks.
- Use the SBOMs and provenance attestations generated by Dalec to improve component tracking and vulnerability management.
- Use Dalec's minimal image size feature to reduce attack surface in containerized environments, improving runtime security posture.
- Combine Dalec with runtime container security tools to create a layered defense strategy from build to deployment.
- Encourage collaboration between DevOps and security teams by adopting Dalec's declarative configurations for transparent and auditable build processes.
Related Tools
python-tuf
theupdateframework/python-tuf
Python reference implementation of The Update Framework (TUF)
in-toto
in-toto/in-toto
in-toto is a framework to protect supply chain integrity.
rebuilderd
kpcyrd/rebuilderd
Independent verification of binary packages - Reproducible Builds

scharf
cybrota/scharf
Static analysis tool to Identify and Fix GitHub Actions prone to Supply‑Chain Risks
sigrun
kube-tarian/sigrun
Sign your artifacts, source code or container images using Sigstore tools, Save the Signatures you want to use, and Validate & Control the deployments to allow only the known Sources based on Signatures, Maintainers & other payloads automatically.

cosign-helm-chart-keyless-signing-example
DevOpsHiveHQ/cosign-helm-chart-keyless-signing-example
Example of using Sigstore/Cosign to secure Helm chart supply chain
