44 results found

Supply-chain Levels for Software Artifacts
233 / 1.6k / other / 62
Created 2021-03-10. 1,920 commits to main branch, last one 7 days ago.

GUAC aggregates software security metadata into a high-fidelity graph database.
184 / 1.3k / apache-2.0 / 42
Created 2022-06-10. 1,867 commits to main branch, last one 13 hours ago.

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...
Created 2020-01-28. 390 commits to master branch, last one 2 months ago.

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...
186 / 973 / bsd-2-clause / 32
Created 2017-11-27. 1,102 commits to main branch, last one about a year ago.

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets.
64 / 793 / apache-2.0 / 15
Created 2022-07-14. 238 commits to main branch, last one 4 months ago.

Graphing SBOMs fast.
25 / 713 / apache-2.0 / 25
Created 2024-06-05. 174 commits to main branch, last one 12 days ago.

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-...
Created 2021-10-28. 567 commits to main branch, last one a day ago.

Packj stops ⚡ SolarWinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply chain.
34 / 661 / agpl-3.0 / 9
Created 2022-04-22. 439 commits to main branch, last one 10 months ago.

Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more.
32 / 388 / apache-2.0 / 11
Created 2023-03-06. 1,254 commits to main branch, last one 20 hours ago.

Independent verification of binary packages - reproducible builds.
27 / 372 / gpl-3.0 / 13
Created 2019-12-12. 453 commits to main branch, last one 2 days ago.

Docker Scout CLI
100 / 365 / other / 15
Created 2023-05-21. 185 commits to main branch, last one 6 days ago.

BLint is a Binary Linter to check the security properties and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
Created 2023-01-21. 245 commits to main branch, last one 2 months ago.

Developer-centric tool to secure your software supply chain.
16 / 284 / apache-2.0 / 4
Created 2024-05-31. 301 commits to main branch, last one 2 months ago.

Orchestrate GitHub Actions Security
Created 2021-10-12. 1,305 commits to main branch, last one 14 days ago.

Policy-driven vetting of open source packages with malicious code analysis.
29 / 255 / apache-2.0 / 8
Created 2022-12-30. 514 commits to main branch, last one a day ago.

boostsecurityio/poutine
28 / 254 / apache-2.0 / 9
Created 2024-04-09. 183 commits to main branch, last one 5 days ago.

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting the most common malicious patterns 🔬.
Created 2020-03-26. 392 commits to master branch, last one 18 days ago.

Catalogue all images of a Kubernetes cluster to multiple targets with Syft.
Created 2022-01-08. 958 commits to main branch, last one about a month ago.

SBOM quality score - quality metrics for your SBOMs.
20 / 193 / apache-2.0 / 7
Created 2023-01-31. 629 commits to main branch, last one 4 days ago.

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...
24 / 144 / upl-1.0 / 10
Created 2022-12-05. 500 commits to main branch, last one 2 months ago.

Small tool to inform you about potential risks in a project's dependency list.
Created 2022-03-25. 26 commits to main branch, last one about a year ago.

List your dependencies' capabilities and monitor whether updates require more capabilities.
12 / 131 / gpl-3.0 / 2
This repository has been archived.
Created 2022-01-11. 34 commits to main branch, last one about a year ago.

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...
Created 2023-07-28. 88 commits to main branch, last one about a year ago.

Signing-key abuse and update exploitation framework.
12 / 123 / gpl-3.0 / 3
Created 2022-10-16. 336 commits to main branch, last one 15 days ago.

boostsecurityio/lotp
11 / 112 / apache-2.0 / 9
Created 2024-02-15. 24 commits to main branch, last one a day ago.

Template Go app repo with local test/lint/build/vulnerability check workflow, and on-tag image test/build/release pipelines, with ko-generated SBOM, cosign attestation, and SLSA build provenance.
10 / 104 / apache-2.0 / 6
Created 2023-01-12. 330 commits to main branch, last one about a year ago.

Docker Scout GitHub Action
Created 2023-02-27. 246 commits to main branch, last one 6 days ago.

Format-agnostic SBOM tooling.
18 / 99 / apache-2.0 / 11
Created 2024-01-10. 221 commits to main branch, last one 6 days ago.

Automatically assess and score software repositories for supply chain risk.
8 / 98 / apache-2.0 / 12
Created 2023-01-03. 686 commits to main branch, last one 22 hours ago.