Supply-chain Levels for Software Artifacts
Created
2021-03-10
1,893 commits to main branch, last one a day ago
GUAC aggregates software security metadata into a high fidelity graph database.
Created
2022-06-10
1,690 commits to main branch, last one 23 hours ago
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Created
2020-01-28
386 commits to master branch, last one 5 days ago
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
Created
2017-11-27
1,102 commits to main branch, last one 11 months ago
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Created
2022-07-14
238 commits to main branch, last one about a month ago
Packj stops Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
Created
2022-04-22
439 commits to main branch, last one 7 months ago
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
Created
2021-10-28
531 commits to main branch, last one 2 days ago
Graphing SBOMs fast.
Created
2024-06-05
127 commits to main branch, last one a day ago
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Created
2023-03-06
1,041 commits to main branch, last one 20 hours ago
Independent verification of binary packages - reproducible builds
Created
2019-12-12
424 commits to main branch, last one a day ago
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
Created
2023-01-21
239 commits to main branch, last one 12 days ago
Docker Scout CLI
Created
2023-05-21
173 commits to main branch, last one 10 days ago
A compilation of resources in the software supply chain security domain, with emphasis on open source
sbom
devsecops
attestation
awesome-list
cve-scanning
dependencies
oss-compliance
static-analysis
package-management
reproducible-builds
supply-chain-attacks
dependency-management
software-supply-chain
supply-chain-security
security-vulnerability
vulnerability-scanning
vulnerability-management
software-composition-analysis
software-supply-chain-security
Created
2022-02-20
447 commits to main branch, last one about a year ago
Orchestrate GitHub Actions Security
Created
2021-10-12
1,287 commits to main branch, last one 2 months ago
boostsecurityio/poutine
Created
2024-04-09
158 commits to main branch, last one 16 hours ago
Tool to achieve policy driven vetting of open source dependencies
Created
2022-12-30
472 commits to main branch, last one 2 days ago
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Created
2020-03-26
386 commits to master branch, last one 20 days ago
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
Created
2022-01-08
955 commits to main branch, last one about a month ago
SBOM quality score - Quality metrics for your SBOMs
Created
2023-01-31
560 commits to main branch, last one 2 days ago
Small tool to inform you about potential risks in project dependencies list
Created
2022-03-25
26 commits to main branch, last one about a year ago
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...
Created
2022-12-05
464 commits to main branch, last one 2 months ago
List your dependencies capabilities and monitor if updates require more capabilities.
This repository has been archived
Created
2022-01-11
34 commits to main branch, last one about a year ago
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
Created
2023-07-28
88 commits to main branch, last one 9 months ago
Signing-key abuse and update exploitation framework
Created
2022-10-16
330 commits to main branch, last one 7 days ago
boostsecurityio/lotp
Created
2024-02-15
12 commits to main branch, last one 8 months ago
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Created
2023-01-12
330 commits to main branch, last one 9 months ago
Docker Scout GitHub Action
Created
2023-02-27
237 commits to main branch, last one 10 days ago
Runtime Security Solution for your CI/CD Pipeline
Created
2023-03-02
81 commits to main branch, last one 2 months ago
Experimental pacman integration for Reproducible Builds and Binary Transparency (with sigstore/rekor)
Created
2021-08-23
72 commits to main branch, last one 4 months ago
Automatically assess and score software repositories for supply chain risk.
Created
2023-01-03
491 commits to main branch, last one 19 hours ago