Welcome to Leplus.org OSS Repositories 👋
You can find my open source projects here.
All the projects are continuously scanned for known vulnerabilities (CVE). Releases uses semantic versioning. All commits go through a code review before being merged. All the merged commits and the resulting published artifacts are digitally signed:
- GitHub commits are signed using GitHub's verified signature.
- Maven Central are signed using public key 4C155617 which you can verity using this docker image for example.
All the third-party (open source) dependencies are linked to a specific version to keep build reproducible and to prevent supply chain attacks (cryptographic hashes are used instead or on top of numerical versions wherever possible in order to pin mutable versions, e.g. for Docker containers or GitHub Actions).
I also have other incubating projects here.