35 results found
Supply-chain Levels for Software Artifacts
Created
2021-03-10
1,827 commits to main branch, last one a day ago
GUAC aggregates software security metadata into a high fidelity graph database.
Created
2022-06-10
1,420 commits to main branch, last one 16 hours ago
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
Created
2017-11-27
1,102 commits to main branch, last one 5 months ago
OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Created
2020-01-28
351 commits to master branch, last one 21 days ago
Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets
Created
2022-07-14
223 commits to main branch, last one 5 days ago
Packj stops SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain
Created
2022-04-22
439 commits to main branch, last one about a month ago
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
Created
2021-10-28
481 commits to main branch, last one 9 days ago
Independent verification of binary packages - reproducible builds
Created
2019-12-12
408 commits to main branch, last one 7 months ago
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
Created
2023-03-06
548 commits to main branch, last one a day ago
BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
Created
2023-01-21
227 commits to main branch, last one 3 days ago
A compilation of resources in the software supply chain security domain, with emphasis on open source
sbom
devsecops
attestation
awesome-list
cve-scanning
dependencies
oss-compliance
static-analysis
package-management
reproducible-builds
supply-chain-attacks
dependency-management
software-supply-chain
supply-chain-security
security-vulnerability
vulnerability-scanning
vulnerability-management
software-composition-analysis
software-supply-chain-security
Created
2022-02-20
447 commits to main branch, last one about a year ago
Orchestrate GitHub Actions Security
Created
2021-10-12
1,269 commits to main branch, last one 10 months ago
Docker Scout CLI
Created
2023-05-21
155 commits to main branch, last one 3 days ago
JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.
Created
2020-03-26
356 commits to master branch, last one 11 days ago
Tool to achieve policy driven vetting of open source dependencies
Created
2022-12-30
330 commits to main branch, last one 14 days ago
Catalogue all images of a Kubernetes cluster to multiple targets with Syft
Created
2022-01-08
895 commits to main branch, last one 7 days ago
boostsecurityio/poutine
Created
2024-04-09
67 commits to main branch, last one 2 days ago
Small tool to inform you about potential risks in project dependencies list
Created
2022-03-25
26 commits to main branch, last one 6 months ago
SBOM quality score - Quality metrics for your SBOMs
Created
2023-01-31
344 commits to main branch, last one 7 days ago
List your dependencies' capabilities and monitor whether updates require more capabilities.
This repository has been archived
Created
2022-01-11
34 commits to main branch, last one about a year ago
Signing-key abuse and update exploitation framework
Created
2022-10-16
292 commits to main branch, last one 2 months ago
A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
Created
2023-07-28
88 commits to main branch, last one 4 months ago
Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks or che...
Created
2022-12-05
398 commits to main branch, last one about a month ago
boostsecurityio/lotp
Created
2024-02-15
12 commits to main branch, last one 3 months ago
Experimental binary transparency for pacman with sigstore and rekor
Created
2021-08-23
64 commits to main branch, last one 6 months ago
Runtime Security Solution for your CI/CD Pipeline
Created
2023-03-02
75 commits to main branch, last one 27 days ago
Analyze any snippet, file, or repository to detect possible security flaws such as secrets in code, open source vulnerabilities, code security issues, insecure infrastructure as code, and potenti...
Created
2023-06-25
80 commits to main branch, last one 9 months ago
Docker Scout GitHub Action
Created
2023-02-27
221 commits to main branch, last one 3 days ago
Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance
Created
2023-01-12
330 commits to main branch, last one 4 months ago
Scans popular packages and alerts when there is suspicion of an account takeover
Created
2021-11-29
10 commits to master branch, last one 2 years ago