44 results found
Supply-chain Levels for Software Artifacts
Created
2021-03-10
1,920 commits to main branch, last one 7 days ago
GUAC aggregates software security metadata into a high fidelity graph database.
Created
2022-06-10
1,867 commits to main branch, last one 13 hours ago
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Created
2020-01-28
390 commits to master branch, last one 2 months ago
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
Created
2017-11-27
1,102 commits to main branch, last one about a year ago
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Created
2022-07-14
238 commits to main branch, last one 4 months ago
Graphing SBOMs Fast.
Created
2024-06-05
174 commits to main branch, last one 12 days ago
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-...
Created
2021-10-28
567 commits to main branch, last one a day ago
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain
Created
2022-04-22
439 commits to main branch, last one 10 months ago
Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more
Created
2023-03-06
1,254 commits to main branch, last one 20 hours ago
Independent verification of binary packages - reproducible builds
Created
2019-12-12
453 commits to main branch, last one 2 days ago
Docker Scout CLI
Created
2023-05-21
185 commits to main branch, last one 6 days ago
BLint is a binary linter that checks the security properties and capabilities of your executables. Since v2, blint is also an SBOM generator for binaries.
Created
2023-01-21
245 commits to main branch, last one 2 months ago
A compilation of resources in the software supply chain security domain, with emphasis on open source
sbom
devsecops
attestation
awesome-list
cve-scanning
dependencies
oss-compliance
static-analysis
package-management
reproducible-builds
supply-chain-attacks
dependency-management
software-supply-chain
supply-chain-security
security-vulnerability
vulnerability-scanning
vulnerability-management
software-composition-analysis
software-supply-chain-security
Created
2022-02-20
447 commits to main branch, last one about a year ago
Developer-centric tool to secure your software supply chain.
Created
2024-05-31
301 commits to main branch, last one 2 months ago
Orchestrate GitHub Actions Security
Created
2021-10-12
1,305 commits to main branch, last one 14 days ago
Policy driven vetting of open source packages with malicious code analysis
Created
2022-12-30
514 commits to main branch, last one a day ago
boostsecurityio/poutine
Created
2024-04-09
183 commits to main branch, last one 5 days ago
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting the most common malicious patterns 🔬.
Created
2020-03-26
392 commits to master branch, last one 18 days ago
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
Created
2022-01-08
958 commits to main branch, last one about a month ago
SBOM quality score - Quality metrics for your SBOMs
Created
2023-01-31
629 commits to main branch, last one 4 days ago
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...
Created
2022-12-05
500 commits to main branch, last one 2 months ago
Small tool to inform you about potential risks in a project's dependency list
Created
2022-03-25
26 commits to main branch, last one about a year ago
List your dependencies' capabilities and monitor whether updates require more capabilities.
This repository has been archived
Created
2022-01-11
34 commits to main branch, last one about a year ago
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
Created
2023-07-28
88 commits to main branch, last one about a year ago
Signing-key abuse and update exploitation framework
Created
2022-10-16
336 commits to main branch, last one 15 days ago
boostsecurityio/lotp
Created
2024-02-15
24 commits to main branch, last one a day ago
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Created
2023-01-12
330 commits to main branch, last one about a year ago
Docker Scout GitHub Action
Created
2023-02-27
246 commits to main branch, last one 6 days ago
Format agnostic SBOM tooling
Created
2024-01-10
221 commits to main branch, last one 6 days ago
Automatically assess and score software repositories for supply chain risk.
Created
2023-01-03
686 commits to main branch, last one 22 hours ago