CycodeLabs / cimon-action
Runtime Security Solution for your CI/CD Pipeline
☆87Updated 2 months ago
Related projects ⓘ
Alternatives and complementary repositories for cimon-action
- A tool to check the security settings of Github Organizations.☆69Updated last year
- An SBOM query language and associated utilities☆54Updated 9 months ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆92Updated 6 months ago
- This repo. is archived. The utility is now at: https://github.com/CycloneDX/sbom-utility☆61Updated last year
- NamespaceHound is the tool for detecting the risk of potential namespace crossing violations in multi-tenant clusters.☆55Updated 7 months ago
- The security workflow engine!☆73Updated this week
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆136Updated this week
- OpenVEX Specification☆130Updated 3 months ago
- Simple plug-and-play Github Action to block unauthorized outbound traffic (egress) in your Github workflows☆79Updated this week
- Supporting code and demos for KubeCon EU 2023 talk "Malicious Compliance: Reflections on Trusting Container Image Scanners"☆66Updated 11 months ago
- ☆51Updated 8 months ago
- kubernetes-for-soc aims to fast-track the learning curve for SOC analysts by enabling them to swiftly grasp the essential concepts and kn…☆51Updated 10 months ago
- Generate a score for your sbom to understand if it will actually be useful.☆221Updated 2 months ago
- Kubernetes audit logging, when you don't control the control plane☆65Updated this week
- fatbom (Fat Bill Of Materials) is a tool which combines the SBOM generated by various tools into one fat SBOM. Thus leveraging each tool'…☆32Updated 2 years ago
- Enrich SBOMs with data from third party services☆113Updated this week
- ☆107Updated last month
- A tool to create, transform and attest VEX metadata☆116Updated this week
- Research on various techniques to bypass default falco ruleset (based on falco v0.28.1).☆80Updated 9 months ago
- Format agnostic SBOM tooling☆77Updated this week
- vexctl is a tool to attest VEX impact statements☆44Updated last year
- Sharing software supply chain security open source projects☆39Updated last year
- Tool to achieve policy driven vetting of open source dependencies☆228Updated last week
- SPDX Merge tool☆39Updated 2 months ago
- truffleproc — hunt secrets in process memory (TruffleHog & gdb mashup)☆110Updated last year
- ☆24Updated 6 months ago
- Generative and mutative fuzzer for Kubernetes admission controller chains by automatically parsing the cluster api specification.☆70Updated last year
- Compare data from multiple vulnerability scanners to get a more complete picture of potential exposures.☆59Updated last year
- HashiCorp-relevant rules for the Semgrep code analysis tool☆37Updated last year
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆125Updated 9 months ago