Search Results - RepositoryStats

slsa slsa-framework

234

1.6k

other

61

Supply-chain Levels for Software Artifacts

devops security supply-chain-security

Created 2021-03-10

1,927 commits to main branch, last one 3 days ago

guac guacsec

186

1.3k

apache-2.0

42

GUAC aggregates software security metadata into a high fidelity graph database.

vex sbom slsa spdx graph in-toto security cyclonedx spdx-sbom attestations supply-chain vulnerability cyclonedx-sbom software-supply-chain supply-chain-security supply-chain-analytics supply-chain-visibility vulnerability-management software-supply-chain-security

Created 2022-06-10

1,929 commits to main branch, last one 22 hours ago

dep-scan owasp-dep-scan

107

1.1k

mit

15

OWASP dep-scan is a next-generation security and risk audit tool based on known vulnerabilities, advisories, and license limitations for project dependencies. Both local repositories and container ima...

cve sca vex sbom cyclonedx devsecops compliance containers risk-audit security-audit security-tools dependency-audit dependency-analysis reachability-analysis supply-chain-security vulnerability-scanners

Created 2020-01-28

404 commits to master branch, last one 3 days ago

tern tern-tools

188

978

bsd-2-clause

31

Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBOM that Tern generates will give you a layer-by-...

sbom spdx tool docker python compliance containers open-source dependencies oss-compliance risk-management metadata-extraction supply-chain-security software-composition-analysis

Created 2017-11-27

1,102 commits to main branch, last one about a year ago

legitify Legit-Labs

64

796

apache-2.0

15

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets

ci devops github gitlab golang security devsecops sdlc-security security-scanner supply-chain-security

Created 2022-07-14

238 commits to main branch, last one 5 months ago

harden-runner step-security

63

762

apache-2.0

11

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-...

actions runners hardening github-actions egress-filtering network-security runtime-security security-hardening supply-chain-security

Created 2021-10-28

584 commits to main branch, last one a day ago

minefield bitbomdev

26

717

apache-2.0

24

Graphing SBOM's Fast.

ai llm sbom graph airgap roaring-bitmaps supply-chain-security

Created 2024-06-05

184 commits to main branch, last one 11 days ago

packj ossillate-inc

35

662

agpl-3.0

9

Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Created 2022-04-22

439 commits to main branch, last one 11 months ago

chainloop chainloop-dev

33

392

apache-2.0

11

Evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, QA reports, and more

ospo sbom slsa spdx in-toto license security cyclonedx devsecops compliance attestation oss-compliance sbom-discovery slsa-provenance metadata-platform sbom-distribution regulated-industry open-source-licensing supply-chain-security

Created 2023-03-06

1,318 commits to main branch, last one 3 days ago

scout-cli docker

103

375

other

16

Docker Scout CLI

docker security supply-chain-security

Created 2023-05-21

187 commits to main branch, last one 4 days ago

rebuilderd kpcyrd

27

373

gpl-3.0

12

Independent verification of binary packages - Reproducible Builds

rust rebuilder supply-chain security-tools reproducible-builds supply-chain-security

Created 2019-12-12

470 commits to main branch, last one 18 days ago

blint owasp-dep-scan

37

357

mit

9

BLint is a Binary Linter to check the security properties, and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.

sbom binary depscan fuzzing malware cyclonedx supply-chain-security supply-chain-analytics

Created 2023-01-21

260 commits to main branch, last one 3 days ago

awesome-software-supply-chain-security bureado

27

311

unknown

25

A compilation of resources in the software supply chain security domain, with emphasis on open source

sbom devsecops attestation awesome-list cve-scanning dependencies oss-compliance static-analysis package-management reproducible-builds supply-chain-attacks dependency-management software-supply-chain supply-chain-security security-vulnerability vulnerability-scanning vulnerability-management software-composition-analysis software-supply-chain-security

Created 2022-02-20

447 commits to main branch, last one about a year ago

vet safedep

33

296

apache-2.0

11

🚀 Policy driven vetting of open source packages with malicious code analysis

npm pypi golang rubygems security devsecops policy-as-code static-analysis supply-chain-security software-composition-analysis

Created 2022-12-30

540 commits to main branch, last one a day ago

bsf buildsafedev

15

287

apache-2.0

4

Developer-centric tool to secure your software supply chain.

nix slsa hacktoberfest reproducibility supply-chain-security

Created 2024-05-31

301 commits to main branch, last one 3 months ago

secure-repo step-security

41

278

agpl-3.0

6

Orchestrate GitHub Actions Security

github golang actions security workflow github-actions security-tools supply-chain-security

Created 2021-10-12

1,305 commits to main branch, last one about a month ago

poutine boostsecurityio

28

259

apache-2.0

9

boostsecurityio/poutine

ci cli devops github golang security devsecops gh-extension supply-chain github-actions security-scanner supply-chain-security

Created 2024-04-09

183 commits to main branch, last one about a month ago

js-x-ray NodeSecure

25

238

mit

5

JavaScript & Node.js open-source SAST scanner. A static analyser for detecting most common malicious patterns 🔬.

ast sast nodejs security javascript ast-analysis security-audit security-tools supply-chain-security

Created 2020-03-26

396 commits to master branch, last one 13 days ago

PRevent apiiro

13

207

mit

2

Prevent merging of malicious code in pull requests

Created 2025-01-12

93 commits to main branch, last one 2 days ago

sbom-operator ckotzbauer

28

199

mit

5

Catalogue all images of a Kubernetes cluster to multiple targets with Syft

k8s sbom operator kubernetes supply-chain-security

Created 2022-01-08

958 commits to main branch, last one 2 months ago

sbomqs interlynk-io

22

197

apache-2.0

7

SBOM quality score - Quality metrics for your sboms

go sbom spdx golang cyclonedx sbom-tool sbom-score sbom-quality sbom-samples sbom-examples security-tools devsecops-pipeline supply-chain-security

Created 2023-01-31

634 commits to main branch, last one 5 days ago

macaron oracle

24

147

upl-1.0

9

Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD services. It can be used to prevent supply chain attacks, detec...

npm cicd sbom slsa maven docker gradle python build-system malware-analysis malware-detection integrity-protection supply-chain-security

Created 2022-12-05

532 commits to main branch, last one 12 days ago

sdc-check mbalabash

1

142

mit

2

Small tool to inform you about potential risks in project dependencies list

npm audit security supply-chain-security

Created 2022-03-25

26 commits to main branch, last one about a year ago

gocap cugu

12

132

gpl-3.0

2

List your dependencies capabilities and monitor if updates require more capabilities.

go supply-chain-attacks supply-chain-security

This repository has been archived (exclude archived)

Created 2022-01-11

34 commits to main branch, last one about a year ago

Software-Supply-Chain-Security vishalgarg-sec

16

132

unknown

6

A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling, books, articles and a plethora of learning resources from the ...

vex cncf sbom slsa owasp openssf attestations software-security open-source-security supply-chain-attacks dependency-management software-transparency supply-chain-security vulnerability-management software-bill-of-material software-supply-chain-security

Created 2023-07-28

88 commits to main branch, last one about a year ago

sh4d0wup kpcyrd

12

123

gpl-3.0

3

Signing-key abuse and update exploitation framework

hacking redteaming exploitation backdoor-factory penetration-testing supply-chain-security

Created 2022-10-16

341 commits to main branch, last one 10 days ago

lotp boostsecurityio

11

116

apache-2.0

9

boostsecurityio/lotp

lotp supply-chain-security living-off-the-pipeline

Created 2024-02-15

38 commits to main branch, last one 9 days ago

malicious-code-ruleset apiiro

4

110

mit

2

Focused malicious code detection ruleset, with a high protection-to-noise ratio

Created 2025-01-12

27 commits to main branch, last one 26 days ago

scout-action docker

32

104

other

9

Docker Scout GitHub Action

docker security github-actions supply-chain-security

Created 2023-02-27

248 commits to main branch, last one 4 days ago

s3cme mchmarny

10

104

apache-2.0

6

Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko generative SBOM, cosign attestation, and SLSA build provenance

oidc sbom slsa cosine provenance attestation vulnerability supply-chain-security

Created 2023-01-12

330 commits to main branch, last one about a year ago