CycodeLabs / gh-injection-vuln-demo
Demos for our research on Github actions script injection vulnerabilities
☆13Updated 8 months ago
Alternatives and similar repositories for gh-injection-vuln-demo:
Users that are interested in gh-injection-vuln-demo are comparing it to the libraries listed below
- Runtime Security Solution for your CI/CD Pipeline☆94Updated 4 months ago
- Enrich SBOMs with data from third party services☆152Updated this week
- SBOM quality score - Quality metrics for your sboms☆192Updated this week
- A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerabilit…☆286Updated this week
- Generate a score for your sbom to understand if it will actually be useful.☆224Updated 5 months ago
- GitHub Advanced Security Policy as Code☆77Updated 2 weeks ago
- A tool to create, transform and attest VEX metadata☆126Updated this week
- A compilation of Software Supply Chain Security resources including initiatives, standards, regulations, organizations, vendors, tooling,…☆130Updated last year
- A standard API specification for exchanging supply chain artifacts and intelligence☆68Updated last month
- The S2C2F Project is a group working within the OpenSSF's Supply Chain Integrity Working Group formed to further develop and continuously…☆195Updated this week
- A compilation of resources in the software supply chain security domain, with emphasis on open source☆304Updated last year
- Throw a tag at it and it comes back with a checksum.☆104Updated this week
- OWASP Foundation Web Respository☆54Updated last year
- Incubating project for decoupling responsibilities from Dependency-Track's monolithic API server into separate, scalable services.☆66Updated this week
- OpenVEX Specification☆141Updated 6 months ago
- Generate SBOMs with gh CLI☆177Updated 4 months ago
- Check SPDX SBOM for NTIA minimum elements☆58Updated this week
- Macaron is an extensible supply-chain security analysis framework from Oracle Labs that supports a wide range of build systems and CI/CD …☆144Updated this week
- A reading list for software supply-chain security.☆361Updated 2 years ago
- Template Go app repo with local test/lint/build/vulnerability check workflow, and on tag image test/build/release pipelines, with ko gene…☆104Updated 9 months ago
- The Open Threat Modeling Format (OTM) defines a platform independent way to define the threat model of any system.☆170Updated 2 months ago
- A repository with examples of CycloneDX BOMs (SBOM, SaaSBOM, OBOM, VEX, etc)☆191Updated last month
- A tool for preventing the installation of malicious PyPI and npm packages☆120Updated last month
- Utility that provides an API platform for validating, querying and managing BOM data☆99Updated 2 months ago
- GitHub Action for creating software bill of materials using Syft.☆175Updated last week
- A tool to check the security settings of Github Organizations.☆70Updated last year
- A GitHub App that acts like a Security Token Service (STS) for the Github API☆147Updated this week
- Archivista is a graph and storage service for in-toto attestations. Archivista enables the discovery and retrieval of attestations for so…☆79Updated this week
- ☆229Updated this week
- OWASP Foundation Web Respository☆81Updated last week